CVE-2020-25671: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability (CVE-2020-25671) was discovered in the Linux Kernel's NFC LLCP protocol implementation, specifically a refcount leak in the llcpsockconnect() function that could lead to a use-after-free condition. The vulnerability was discovered by kiyin (尹亮) of TenCent and disclosed on November 1, 2020 (OSS Security).

The vulnerability occurs in the llcpsockconnect() function where nfcllcplocalget() increases the refcount of local, but if nfcllcpgetlocalssap returns LLCPSAPMAX, the function returns without properly decreasing the refcount. This allows an attacker to repeatedly call llcpsock_connect() to keep increasing the refcount until it reaches problematic values. The CVSS v3.1 base score for this vulnerability is 7.8 (High), with the vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

When successfully exploited, this vulnerability could lead to privilege escalations through use-after-free conditions. If the refcount reaches 0x80000000, it may cause a system panic, or if unhandled, continue to increment until wrapping around to 0, potentially leading to memory corruption when the freed memory is accessed (OSS Security).

The vulnerability has been fixed in multiple Linux distributions. Ubuntu has released patches for various versions including 5.11.0-18.19 for Ubuntu 21.04, 5.8.0-59.66 for Ubuntu 20.10, and 5.4.0-74.83 for Ubuntu 20.04 LTS (Ubuntu). Debian has also released fixes in version 4.19.194-1~deb9u1 for Debian 9 stretch (Debian LTS).