Lucene search

K
nvd[email protected]NVD:CVE-2020-10732
HistoryJun 12, 2020 - 2:15 p.m.

CVE-2020-10732

2020-06-1214:15:11
CWE-908
web.nvd.nist.gov
10
linux kernel
userspace core dumps
local account
crash program
exfiltrate kernel data

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

0.001

Percentile

19.5%

A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.

Affected configurations

Nvd
Node
linuxlinux_kernelRange<3.16.85
OR
linuxlinux_kernelRange4.44.4.226
OR
linuxlinux_kernelRange4.94.9.226
OR
linuxlinux_kernelRange4.144.14.183
OR
linuxlinux_kernelRange4.194.19.126
OR
linuxlinux_kernelRange5.45.4.44
OR
linuxlinux_kernelRange5.65.6.16
Node
opensuseleapMatch15.1
OR
opensuseleapMatch15.2
Node
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch20.04lts
Node
netappactive_iq_unified_managerRange9.5vmware_vsphere
OR
netapphci_management_nodeMatch-
OR
netappsolidfireMatch-
OR
netappsteelstore_cloud_integrated_storageMatch-
Node
netappaff_a700Match-
AND
netappaff_a700_firmwareMatch-
Node
netapph410cMatch-
AND
netapph410c_firmwareMatch-
Node
netapph300sMatch-
AND
netapph300s_firmwareMatch-
Node
netapph500sMatch-
AND
netapph500s_firmwareMatch-
Node
netapph700sMatch-
AND
netapph700s_firmwareMatch-
Node
netapph300eMatch-
AND
netapph300e_firmwareMatch-
Node
netapph500e_firmwareMatch-
AND
netapph500eMatch-
Node
netapph700e_firmwareMatch-
AND
netapph700eMatch-
Node
netapph410s_firmwareMatch-
AND
netapph410sMatch-
Node
netappaff_8300_firmwareMatch-
AND
netappaff_8300Match-
Node
netappaff_8700_firmwareMatch-
AND
netappaff_8700Match-
Node
netappaff_a400_firmwareMatch-
AND
netappaff_a400Match-
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
opensuseleap15.1cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
opensuseleap15.2cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonicalubuntu_linux20.04cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
netapphci_management_node-cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
netappsolidfire-cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 351

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

0.001

Percentile

19.5%