CVE-2020-25075 DNS cache poisoning attack

Is OpenWrt 19.07.4 vulnerable?

And if so is there a workaround?

Yep, see here:


Interesting. Thank you for the links.
After reading those I'm wondering if I have mitigated the attack somewhat because I've implemented DoT to Quad9 using Stubby.

If I use google dns for ipv4/ipv6 am I still affected?

It's more of an issue of being able to guess communication details (source port) in an unencrypted DNS session by abusing ICMP replies. If you use DNS over TLS/HTTPS/DNSSEC, this specific attack doesn't apply to you.

If your OpenWRT router has a new enough kernel version, the attack also isn't possible due to a patch that was included, see:

The patch in question for 4.14.203:

commit e1b8b57623521b7f4974476a20bd6ff971fde6c4
Author: Eric Dumazet <>
Date:   Thu Oct 15 11:42:00 2020 -0700

    icmp: randomize the global rate limiter
    [ Upstream commit b38e7819cae946e2edf869e604af1e65a5d241c5 ]
    Keyu Man reported that the ICMP rate limiter could be used
    by attackers to get useful signal. Details will be provided
    in an upcoming academic publication.
    Our solution is to add some noise, so that the attackers
    no longer can get help from the predictable token bucket limiter.
    Fixes: 4cdf507d5452 ("icmp: add a global rate limitation")
    Signed-off-by: Eric Dumazet <>
    Reported-by: Keyu Man <>
    Signed-off-by: Jakub Kicinski <>
    Signed-off-by: Greg Kroah-Hartman <>

This is worth a read if you want to know the specifics behind SAD:

1 Like

See the advisory

And also the forum announce:


This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.