NACK: [PATCH 0/1] [SRU bionic/raspi2-5.3] CVE-2020-25705
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Mon Feb 22 20:52:14 UTC 2021
On Mon, Feb 22, 2021 at 12:04:33PM -0700, Tim Gardner wrote:
> [Impact]
> A flaw in the way reply ICMP packets are limited in the Linux kernel
> functionality was found that allows open UDP ports to be scanned quickly.
> This flaw allows an off-path remote user to effectively bypass source
> port UDP randomization. The highest threat from this vulnerability is to
> confidentiality and possibly integrity, because software that relies on UDP
> source port randomization is indirectly affected as well. Kernel versions
> before 5.10 may be vulnerable to this issue.
>
> From the Ubuntu security team:
> Keyu Man discovered that the ICMP global rate limiter in the Linux kernel
> could be used to assist in scanning open UDP ports. A remote attacker could
> use this to facilitate attacks on UDP-based services that depend on source port
> randomization.
>
> [Test Case]
> Given the nature of the exploit, a test case is not feasible.
>
> [Potential regression]
> This is a simple one line code change that has been released in all
> other Focal kernels without regression.

5.3 kernels are not getting updates for issues with priority less than High.

Cascardo.