CVE-2020-10732

Advisory lineage Upstream: 0 Downstream: 33

Downstream

DEBIAN-CVE-2020-10732 DLA-2242-1 DSA-4698-1 DSA-4699-1 MGASA-2020-0333 OPENSUSE-SU-2020:0801-1

Modified

Published: 12 Jun 2020, 00:00

Last modified:04 Aug 2024, 11:14

Vulnerability Summary

Overall Risk (default)

low

18/100

CVSS Score

4.4 MEDIUM

v3.1 (nvd)

EPSS Score

0.04% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

12 Jun 2020, 00:00

Published

Vulnerability first disclosed

04 Aug 2024, 11:14

Last Modified

Vulnerability information updated

Description

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.

CVSS Metrics

v3.1•LOW•Score: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
v3.1•MEDIUM•Score: 4.4CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
v2.0•LOW•Score: 3.6AV:L/AC:L/Au:N/C:P/I:N/A:P

EPSS Trends

Current EPSS score: 0.04%• Percentile: 12%

Techniques & Countermeasures

CWE-908•Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.

Affected Systems

canonical•ubuntu_linux
14.04 | 16.04 | 18.04 | 20.04
linux kernel•kernel
introduced in commit 4206d3aa1978e44f58bfa4e1c9d8d35cbf19c187
linux•linux_kernel
< 3.16.85 | ≥ 4.4, < 4.4.226 | ≥ 4.9, < 4.9.226 | ≥ 4.14, < 4.14.183 | ≥ 4.19, < 4.19.126 | ≥ 5.4, < 5.4.44 | ≥ 5.6, < 5.6.16
netapp•active_iq_unified_manager
≥ 9.5
netapp•aff_8300_firmware
na
netapp•aff_8700_firmware
na
netapp•aff_a400_firmware
na
netapp•aff_a700_firmware
na
netapp•h300e_firmware
na
netapp•h300s_firmware
na
netapp•h410c_firmware
na
netapp•h410s_firmware
na
netapp•h500e_firmware
na
netapp•h500s_firmware
na
netapp•h700e_firmware
na
netapp•h700s_firmware
na
netapp•hci_management_node
na
netapp•solidfire
na
netapp•steelstore_cloud_integrated_storage
na
opensuse•leap
15.1 | 15.2