ubuntucve | Ubuntu.com | UB:CVE-2020-14304
Sep 15, 2020 - 12:00 a.m.

CVE-2020-14304

2020-09-15 00:00:00
Tags: linux kernel, ethernet drivers, memory disclosure, local user, eeprom, vulnerability, confidentiality, bugs, debian, red hat, suse, mellanox driver, root privileges

CVSS2: 2.1
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 4.4
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS: 0
Percentile: 5.1%

A memory disclosure flaw was found in the Linux kernel's ethernet drivers,
in the way they read data from the EEPROM of the device. This flaw allows a
local user to read uninitialized values from the kernel memory. The highest
threat from this vulnerability is to confidentiality.

Bugs

Notes

sbeattie: No progress as of 2020.10.26; Debian bug had a proposed patch that was shown to be not correct.
sbeattie: Looks to affect Mellanox driver?
sbeattie: Requires root privileges, and does not allow attacker to target specific memory.
