Lucene search

K
ibmIBMFA4B683BEB9B49C87C8F293AD46CC6FEDB68A76B71FDD62413EE14D604E1FE34
HistoryJun 15, 2020 - 12:36 a.m.

Security Bulletin: Denial of Service vulnerability in Linux Kernel affects IBM Spectrum Protect Plus (CVE-2020-12114)

2020-06-1500:36:15
www.ibm.com
28
linux kernel
ibm spectrum protect plus
denial of service
vulnerability
cve-2020-12114
ibm
spectrum protect
10.1.0-10.1.5
fix
linux

EPSS

0

Percentile

10.1%

Summary

There is a denial of service vulnerability in the Linux Kernel that affects IBM Spectrum Protect Plus.

Vulnerability Details

CVEID:CVE-2020-12114
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a pivot_root race condition in fs/namespace.c. By corrupting a mountpoint reference counter, a local attacker could exploit this vulnerability to cause a system panic.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181378 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Spectrum Protect Plus 10.1.0-10.1.5

Remediation/Fixes

Spectrum Protect Plus Release First Fixing VRM Level Platform Link to Fix
10.1 10.1.6 Linux <https://www.ibm.com/support/pages/node/5693313&gt;

Workarounds and Mitigations

None