CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile: 18.0%
Severity: High
Date : 2020-03-08
CVE-ID : CVE-2020-2732 CVE-2020-9383
Package : linux
Type : multiple issues
Remote : No
Link : https://security.archlinux.org/AVG-1108
The package linux before version 5.5.7.arch1-1 is vulnerable to
multiple issues including authentication bypass and information
disclosure.
Upgrade to 5.5.7.arch1-1.
The problems have been fixed upstream in version 5.5.7.arch1.
None.
An issue has been found in KVM before 5.5.7, where vmx_check_intercept
is not yet fully implemented on Intel processors, causing e.g. the
I/O or MSR interception bitmaps not to be checked. This in turn allowed
the L2 guest to trick the L0 hypervisor into accessing sensitive
information on the L1 hypervisor.
An issue was discovered in the Linux kernel through 5.5.6. set_fdc in
drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read
because the FDC index is not checked for errors before assigning it,
aka CID-2e90ca68b0d2.
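The ordering problem described for CVE-2020-9383, as an added example that is a simplified user-space model and not the kernel's floppy.c: a shared index is assigned before it is range-checked, so a rejected value is still what later readers use. The names `select_fdc_before`, `select_fdc_after` and `read_status`, the value of `N_FDC` and the status bytes are assumptions made for this sketch.

```c
#include <stdio.h>

#define N_FDC 2  /* number of controllers in this model (assumed value) */

/* Constructed sample state, one entry per controller. */
static const int fdc_status[N_FDC] = { 0x80, 0xC0 };
static unsigned int fdc;  /* shared "current controller" index */

/* Stand-in for a reader such as wait_til_ready: it indexes by the shared
 * value. The model returns -1 where real code would read past the array. */
static int read_status(void)
{
    return fdc < N_FDC ? fdc_status[fdc] : -1;
}

/* Before: assign first, check afterwards. A rejected value stays in fdc. */
static int select_fdc_before(unsigned int new_fdc)
{
    fdc = new_fdc;
    if (fdc >= N_FDC)
        return -1;
    return 0;
}

/* After: check a local candidate, commit only when it is in range. */
static int select_fdc_after(unsigned int new_fdc)
{
    if (new_fdc >= N_FDC)
        return -1;
    fdc = new_fdc;
    return 0;
}

int main(void)
{
    int rc;

    select_fdc_after(1);
    rc = select_fdc_before(7);   /* rejected, but the index is already 7 */
    printf("assign-then-check: rc=%d status=%d\n", rc, read_status());

    select_fdc_after(1);
    rc = select_fdc_after(7);    /* rejected, index still 1 */
    printf("check-then-assign: rc=%d status=%d\n", rc, read_status());
    return 0;
}
```

Both setters report the same error; only the second leaves the shared index usable by code that runs after the failed call.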
A local malicious attacker can disclose sensitive information through
side-channel cache attacks, or bypass authentication measures by
abusing the floppy drivers.
https://www.openwall.com/lists/oss-security/2020/02/25/3
https://www.spinics.net/lists/kvm/msg208259.html
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=07721feee46b4b248402133228235318199b05ec
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35a571346a94fb93b5b3b6a599675ef3384bc75c
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e71237d3ff1abf9f3388337cfebf53b96df2020d
https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3
https://security.archlinux.org/CVE-2020-2732
https://security.archlinux.org/CVE-2020-9383