Linux Kernel "ppp_cp_parse_cr()" Denial of Service Vulnerability
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Dear Launchpad Ubuntu Team,
An error related to the "ppp_cp_parse_cr()" function (hdlc_ppp.c) can be exploited to trigger an infinite loop or an out-of-bounds read memory access via a specially crafted packet.
The vulnerability is reported in versions 5.4.x prior to 5.4.68, 4.19.x prior to 4.19.148, 4.14.x prior to 4.14.200, 4.9.x prior to 4.9.238, and 4.4.x prior to 4.4.238.
The following software is affected by the described vulnerability:
Linux Kernel 4.14.x
Linux Kernel 4.19.x
Linux Kernel 4.4.x
Linux Kernel 4.9.x
Linux Kernel 5.4.x
References
1. https:/
2. https:/
3. https:/
4. https:/
5. https:/
6. https:/
7. https:/
The issue affects Ubuntu 16 LTS.
Please provide an update.
Best regards,
it0001
CVE References
summary: |
- Linux Kernel "ppp_cp_parse_cr()" Denial of Service Vulnerability; - ThreatCon 4 + Linux Kernel "ppp_cp_parse_cr()" Denial of Service Vulnerability |
Changed in linux (Ubuntu): | |
status: | Incomplete → Confirmed |
This appears to be: https:/ /people. canonical. com/~ubuntu- security/ cve/2020/ CVE-2020- 25643.html
Thanks