Main Vulnerability Database Exploits ID:6620 - Exploit for Use of insufficiently random values in Linux kernel - CVE-2020-25705

ID:6620 - Exploit for Use of insufficiently random values in Linux kernel - CVE-2020-25705

Published: August 15, 2021

Vulnerability identifier: #VU49150

Vulnerability risk: Medium

CVE-ID: CVE-2020-25705

CWE-ID: CWE-330

Exploitation vector: Remote access

Vulnerable software:
Linux kernel

Link to public exploit:

https://github.com/tdwyer/CVE-2020-25705

Vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

Remediation

Install updates from vendor's website.

ID:6620 - Exploit for Use of insufficiently random values in Linux kernel - CVE-2020-25705

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human