CVE-2020-25645

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-25645
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25645.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-25645
Downstream
Related
Published
2020-10-13T20:15:12Z
Modified
2025-08-09T19:01:28Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

References

Affected packages