Ubuntu
linux package

Linux Kernel "ppp_cp_parse_cr()" Denial of Service Vulnerability

Bug #1898742 reported by it0001
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Dear Launchpad Ubuntu Team,

An error related to the "ppp_cp_parse_cr()" function (hdlc_ppp.c) can be exploited to trigger an infinite loop or an out-of-bounds read memory access via a specially crafted packet.

The vulnerability is reported in versions 5.4.x prior to 5.4.68, 4.19.x prior to 4.19.148, 4.14.x prior to 4.14.200, 4.9.x prior to 4.9.238, and 4.4.x prior to 4.4.238.

The following software is affected by the described vulnerability:

Linux Kernel 4.14.x
Linux Kernel 4.19.x
Linux Kernel 4.4.x
Linux Kernel 4.9.x
Linux Kernel 5.4.x

References

1. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.12
2. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.68
3. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.148
4. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.200
5. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.238
6. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.238
7. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105

The issue affects Ubuntu 16 LTS.

Please provide an update.

Best regards,

it0001

CVE References

it0001 (it0001-escrypt)
summary: - Linux Kernel "ppp_cp_parse_cr()" Denial of Service Vulnerability;
- ThreatCon 4
+ Linux Kernel "ppp_cp_parse_cr()" Denial of Service Vulnerability
Revision history for this message
Seth Arnold (seth-arnold) wrote :

This appears to be: https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25643.html

Thanks

affects: linux-meta (Ubuntu) → linux (Ubuntu)
information type: Private Security → Public Security
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1898742

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Steve Beattie (sbeattie)
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.