Lucene search

K
cveRedhatCVE-2020-14356
HistoryAug 19, 2020 - 3:15 p.m.

CVE-2020-14356

2020-08-1915:15:12
CWE-476
redhat
web.nvd.nist.gov
381
2
cve-2020-14356
linux
kernel
cgroupv2
null pointer dereference
system crash
privilege escalation

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0

Percentile

5.1%

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.

Affected configurations

Nvd
Vulners
Node
linuxlinux_kernelRange4.54.9.231
OR
linuxlinux_kernelRange4.104.14.189
OR
linuxlinux_kernelRange4.154.19.134
OR
linuxlinux_kernelRange4.205.4.53
OR
linuxlinux_kernelRange5.55.7.10
Node
redhatenterprise_linuxMatch8.0
Node
opensuseleapMatch15.1
OR
opensuseleapMatch15.2
Node
debiandebian_linuxMatch9.0
Node
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch20.04lts
Node
netappactive_iq_unified_managerMatch-vmware_vsphere
OR
netappcloud_backupMatch-
OR
netapphci_management_nodeMatch-
OR
netappsolidfireMatch-
Node
netappsolidfire_baseboard_management_controller_firmwareMatch-
AND
netappsolidfire_baseboard_management_controllerMatch-
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
opensuseleap15.1cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
opensuseleap15.2cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonicalubuntu_linux20.04cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Rows per page:
1-10 of 151

CNA Affected

[
  {
    "product": "Kernel",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Kernel versions before 5.7.10"
      }
    ]
  }
]

Social References

More

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0

Percentile

5.1%