CVE-2020-25672
📋 TL;DR
CVE-2020-25672 is a memory leak vulnerability in the Linux kernel's llcp_sock_connect function. This vulnerability allows attackers to cause denial of service by exhausting system memory, affecting systems running vulnerable Linux kernel versions with NFC (Near Field Communication) support enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Fedora by Fedoraproject
Fedora by Fedoraproject
Fedora by Fedoraproject
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Complete system crash or unavailability due to memory exhaustion, potentially requiring physical reboot.
Likely Case
Degraded system performance and instability leading to denial of service for affected services.
If Mitigated
Minimal impact if NFC functionality is disabled or systems are properly patched.
🎯 Exploit Status
Requires local access and ability to trigger NFC socket connections. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel 5.9.8 and later
Vendor Advisory: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d4a8638814b1cbf94f4e487b4c7b8dfb6c5a3b5
Restart Required: Yes
Instructions:
1. Update Linux kernel to version 5.9.8 or later. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable NFC functionality
linuxPrevent exploitation by disabling NFC kernel module or functionality
modprobe -r nfc
echo 'blacklist nfc' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Disable NFC functionality at kernel level if not required
- Implement strict access controls to prevent unauthorized local access to systems
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r. If version is earlier than 5.9.8 and NFC is enabled, system is vulnerable.Check Version:
uname -rVerify Fix Applied:
After patching, verify kernel version is 5.9.8 or later with uname -r and check NFC module status with lsmod | grep nfc.📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- Memory exhaustion warnings in dmesg
- System performance degradation logs
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
source="kernel" AND ("out of memory" OR "oom-killer" OR memory_exhaustion)🔗 References
- http://www.openwall.com/lists/oss-security/2020/11/01/1
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://www.openwall.com/lists/oss-security/2020/11/01/1
- http://www.openwall.com/lists/oss-security/2020/11/01/1
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://www.openwall.com/lists/oss-security/2020/11/01/1
