CVE-2020-25221

Name: CVE-2020-25221
Creator: NVD / NIST
Published: 2020-09-10T14:15:17.59+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.67%

Last modified Jun 17, 2026

CVE-2020-25221 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. EPSS estimates a 0.67% chance of exploitation in the next 30 days.

Description

get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.67%

47.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-672

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	>= 5.7.0, < 5.8.7
Netapp	Cloud Backup	All versions
Netapp	Solidfire\, Enterprise Sds \& Hci Storage Node	All versions
Netapp	Solidfire \& Hci Management Node	All versions
Netapp	Hci Compute Node	All versions
Netapp	Solidfire Baseboard Management Controller	All versions

References

http://www.openwall.com/lists/oss-security/2020/09/10/4Mailing List, Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7Release Notes, Vendor Advisory
https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73aIssue Tracking, Patch, Vendor Advisory
https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2Issue Tracking, Patch, Vendor Advisory
https://security.netapp.com/advisory/ntap-20201001-0003/Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/09/08/4Mailing List, Patch, Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/09/10/4Mailing List, Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7Release Notes, Vendor Advisory
https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73aIssue Tracking, Patch, Vendor Advisory
https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2Issue Tracking, Patch, Vendor Advisory
https://security.netapp.com/advisory/ntap-20201001-0003/Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/09/08/4Mailing List, Patch, Third Party Advisory

Timeline

Published: Sep 10, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-25221?

How severe is CVE-2020-25221?

CVE-2020-25221 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.67% probability of exploitation in the next 30 days.

How do I fix CVE-2020-25221?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-25221?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST