Lucene search

[email protected]CVE-2020-11884

HistoryApr 29, 2020 - 1:15 p.m.

CVE-2020-11884

2020-04-2913:15:11

CWE-362

[email protected]

web.nvd.nist.gov

214

cve-2020-11884

linux kernel

s390 platform

code execution

race condition

crash

security vulnerability

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

Percentile

14.2%

JSON

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.

Affected configurations

NVD

Node

linuxlinux_kernelRange4.15–4.19.119

linuxlinux_kernelRange4.20–5.4.36

linuxlinux_kernelRange5.5–5.6.8

Node

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.10

canonicalubuntu_linuxMatch20.04lts

Node

debiandebian_linuxMatch10.0

Node

fedoraprojectfedoraMatch30

fedoraprojectfedoraMatch31

fedoraprojectfedoraMatch32

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

netappcloud_backupMatch-

netappelement_softwareMatch-

netapphci_management_nodeMatch-

netappsolidfireMatch-

netappsteelstore_cloud_integrated_storageMatch-

netappsolidfire_baseboard_management_controllerMatch-

Node

netappbootstrap_osMatch-

AND

netapphci_compute_nodeMatch-

Node

netappa700s_firmwareMatch-

AND

netappa700sMatch-

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

netapph500s_firmwareMatch-

AND

netapph500sMatch-

Node

netapph700s_firmwareMatch-

AND

netapph700sMatch-

Node

netapph300e_firmwareMatch-

AND

netapph300eMatch-

Node

netapph500e_firmwareMatch-

AND

netapph500eMatch-

Node

netapph700e_firmwareMatch-

AND

netapph700eMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

Node

netapph610c_firmwareMatch-

AND

netapph610cMatch-

Node

netapph610s_firmwareMatch-

AND

netapph610sMatch-

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

References

git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/

security.netapp.com/advisory/ntap-20200608-0001/

usn.ubuntu.com/4342-1/

usn.ubuntu.com/4343-1/

usn.ubuntu.com/4345-1/

www.debian.org/security/2020/dsa-4667

Social References

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

Percentile

14.2%

JSON

Related for CVE-2020-11884

fedora5 ubuntucve1 f51 nessus14 veracode1 osv2 openvas10 cbl_mariner1 cvelist1 prion1 debiancve1 ubuntu3 redhatcve1 nvd1 redhat3 oraclelinux2 debian2 photon2 cloudfoundry1