Lucene search

[email protected]NVD:CVE-2020-11884

HistoryApr 29, 2020 - 1:15 p.m.

CVE-2020-11884

2020-04-2913:15:11

CWE-362

[email protected]

web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.4%

JSON

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.

Affected configurations

NVD

Node

linuxlinux_kernelRange4.15–4.19.119

linuxlinux_kernelRange4.20–5.4.36

linuxlinux_kernelRange5.5–5.6.8

Node

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.10

canonicalubuntu_linuxMatch20.04lts

Node

debiandebian_linuxMatch10.0

Node

fedoraprojectfedoraMatch30

fedoraprojectfedoraMatch31

fedoraprojectfedoraMatch32

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

netappcloud_backupMatch-

netappelement_softwareMatch-

netapphci_management_nodeMatch-

netappsolidfireMatch-

netappsteelstore_cloud_integrated_storageMatch-

netappsolidfire_baseboard_management_controllerMatch-

Node

netappbootstrap_osMatch-

AND

netapphci_compute_nodeMatch-

Node

netappa700s_firmwareMatch-

AND

netappa700sMatch-

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

netapph500s_firmwareMatch-

AND

netapph500sMatch-

Node

netapph700s_firmwareMatch-

AND

netapph700sMatch-

Node

netapph300e_firmwareMatch-

AND

netapph300eMatch-

Node

netapph500e_firmwareMatch-

AND

netapph500eMatch-

Node

netapph700e_firmwareMatch-

AND

netapph700eMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

Node

netapph610c_firmwareMatch-

AND

netapph610cMatch-

Node

netapph610s_firmwareMatch-

AND

netapph610sMatch-

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

References

git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/

security.netapp.com/advisory/ntap-20200608-0001/

usn.ubuntu.com/4342-1/

usn.ubuntu.com/4343-1/

usn.ubuntu.com/4345-1/

www.debian.org/security/2020/dsa-4667

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.4%

JSON

Related for NVD:CVE-2020-11884

nessus14 fedora5 ubuntucve1 f51 cve1 openvas10 ubuntu3 redhatcve1 osv2 veracode1 prion1 cbl_mariner1 debiancve1 cvelist1 oraclelinux2 redhat3 debian2 photon2 cloudfoundry1