Vulnerability CVE-2020-14305

Vulnerability Name:

CVE-2020-14305 (CCN-192482)

Assigned:

2020-06-09

Published:

2020-06-09

Updated:

2022-10-14

Summary:

An out-of-bounds memory write flaw was found in how the Linux kernelâ€™s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS v3 Severity:

8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.1 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

8.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Complete

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-787

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2020-14305

Source: CCN
Type: Linux Kernel Web site
The Linux Kernel Archives

Source: MISC
Type: Exploit, Third Party Advisory
https://bugs.openvz.org/browse/OVZ-7188

Source: CCN
Type: Red Hat Bugzilla Bug 1850716
(CVE-2020-14305) - CVE-2020-14305 kernel: memory corruption in Voice over IP nf_conntrack_h323 module

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1850716

Source: XF
Type: UNKNOWN
linux-kernel-cve202014305-priv-esc(192482)

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20201210-0004/

Source: CCN
Type: IBM Security Bulletin 6410788 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 4.11.12)

OR cpe:/o:linux:linux_kernel:4.12:-:*:*:*:*:*:*

Configuration 2:

cpe:/a:netapp:cloud_backup:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:netapp:a250_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:netapp:a250:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:netapp:fas_500f_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:netapp:fas_500f:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:netapp:aff_500f:-:*:*:*:*:*:*:*

Configuration 6:

cpe:/o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:rhel_extras_rt:7:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:data_risk_manager:2.0.6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:83485	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:56101	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:31317	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:86179	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:51707	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:29456	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:84247	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:57140	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:31715	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:86697	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:82663	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:55279	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:30158	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:84705	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:57538	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:32233	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:19520	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:83365	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:55981	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:30278	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:85781	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:58056	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:23719	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:58873	P	Security update for the Linux Kernel (Important)	2021-11-30
oval:org.opensuse.security:def:87514	P	Security update for the Linux Kernel (Important)	2021-11-30
oval:org.opensuse.security:def:33050	P	Security update for the Linux Kernel (Important)	2021-11-30
oval:com.redhat.rhsa:def:20204062	P	RHSA-2020:4062: kernel-rt security and bug fix update (Important)	2020-09-29
oval:com.redhat.rhsa:def:20204060	P	RHSA-2020:4060: kernel security, bug fix, and enhancement update (Important)	2020-09-29

BACK