get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.
Conclusion & alert: CVE-2020-25221 is rated Moderate Risk (48.1/100): CVSS High severity, with low exploitation likelihood (EPSS 0.67%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.19% | 0.67% | +0.47% |
| 2 | 2025-11-21 | 0.14% | 0.19% | +0.05% |
| 3 | 2025-11-18 | — | 0.14% | — |
Full EPSS history (11 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.8 | 3.1 | HIGH | | 1.8 | 5.9 | [email protected] |
| 7.2 | 2.0 | HIGH | | 3.9 | 10.0 | [email protected] |

| vendor | priority | summary | link |
|---|---|---|---|
| debian | not yet assigned | CVE-2020-25221 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2020-25221 |
| redhat | medium | — | https://access.redhat.com/security/cve/CVE-2020-25221 |
| suse | high | CVE-2020-25221 severity important: SUSE including 14 source package names (kernel-default, kernel-default-base, …), 257 product×package rows across 55 product lines (HPE Helion OpenStack 8, SUSE CaaS Platform 4.0, … (55 product lines)): Known Not Affected 257. | https://www.suse.com/security/cve/CVE-2020-25221/ |
| ubuntu | medium | CVE-2020-25221 medium priority: Ubuntu including 38 source packages (linux, linux-aws, …), 228 status rows across 6 suites (bionic, focal, groovy, trusty, upstream, xenial): DNE 124, not-affected 48, released 38, ignored 18. | https://ubuntu.com/security/CVE-2020-25221 |

| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| linux | linux_kernel | >= 5.7.0, < 5.8.7 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| netapp | cloud_backup | — | cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | — | cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:* |
| netapp | solidfire_\&_hci_management_node | — | cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:* |
| netapp | hci_compute_node | — | cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* |
| netapp | solidfire_baseboard_management_controller | — | cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:* |

| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2020/09/10/4 | Mailing List Third Party Advisory |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7 | Release Notes Vendor Advisory |
| https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a | Issue Tracking Patch Vendor Advisory |
| https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2 | Issue Tracking Patch Vendor Advisory |
| https://security.netapp.com/advisory/ntap-20201001-0003/ | Third Party Advisory |
| https://www.openwall.com/lists/oss-security/2020/09/08/4 | Mailing List Patch Third Party Advisory |