CVE-2020-25673: 
Linux Kernel vulnerability analysis and mitigation

CVE-2020-25673 is a vulnerability discovered in the Linux kernel's NFC LLCP protocol implementation, specifically in the llcpsockconnect() function. The vulnerability was discovered by Kiyin (尹亮) and disclosed on November 1, 2020. The issue affects Linux kernel versions prior to 5.3.18, where a non-blocking socket in llcpsockconnect() leads to resource leaks and potential system hang-ups (OSS Security).

The vulnerability occurs in the NFC socket implementation where calling llcpsockconnect() with a non-blocking socket can lead to multiple issues. When a non-blocking socket is used and llcpsockconnect() is called with a meaningless servicename, the connection fails but leaves sk->skstate in a non-LLCPCONNECTED state. This allows multiple calls to llcpsockconnect(), resulting in resource leaks including llcpsock->dev, llcpsock->local, llcpsock->ssap, and llcpsock->servicename. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The primary impact of this vulnerability is a potential Denial of Service (DoS) condition. When exploited, the vulnerability can cause the system to hang up due to an endless loop created when nfcllcpsocklink() adds the same socket to local->connectingsockets twice, causing sk->sk_node->next to point to itself. Additionally, the vulnerability results in resource leaks that can degrade system performance (OSS Security, NetApp Advisory).

The vulnerability has been addressed in Linux kernel version 5.11.4 and later. Multiple Linux distributions have released security updates to patch this vulnerability, including Fedora 32, 33, and 34. Users are advised to update their systems to the patched versions. For Fedora systems, the fix is available in kernel version 5.11.14 (Fedora Update).