cvelist | Redhat | CVELIST:CVE-2020-14304
History: Sep 15, 2020 - 7:40 p.m.

CVE-2020-14304

2020-09-15 19:40:44
CWE-460
redhat
www.cve.org
7
linux
kernel
ethernet
memory disclosure
eeprom
local user
uninitialized values
confidentiality

CVSS3: 4.4
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score: 5.2
Confidence: High

EPSS: 0
Percentile: 5.1%

A memory disclosure flaw was found in the Linux kernel’s ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.

CNA Affected

[
  {
    "product": "kernel",
    "vendor": "Linux Kernel",
    "versions": [
      {
        "status": "affected",
        "version": "5.6.7-1"
      },
      {
        "status": "affected",
        "version": "4.19.118-2"
      },
      {
        "status": "affected",
        "version": "4.9.210-1"
      }
    ]
  }
]
