Ubuntu.comUB:CVE-2020-11884CVE-2020-11884
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
13.3%
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution
may occur because of a race condition, as demonstrated by code in
enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect
against a concurrent page table upgrade, aka CID-3f777e19d171. A crash
could also occur.
Notes
| Author | Note |
|---|---|
| sbeattie | this issue only affects s390 kernels |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | linux | < 4.15.0-99.100 | UNKNOWN |
| ubuntu | 19.10 | noarch | linux | < 5.3.0-51.44 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux | < 5.4.0-28.32 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-aws-5.3 | < 5.3.0-1019.21~18.04.1 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-azure-4.15 | < 4.15.0-1083.93 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-hwe | < 5.3.0-51.44~18.04.2 | UNKNOWN |
| ubuntu | 16.04 | noarch | linux-hwe | < 4.15.0-99.100~16.04.1 | UNKNOWN |
Related
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
13.3%