7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
38.1%
A flaw was found in the Linux kernel. A use-after-free memory flaw was
found in the perf subsystem allowing a local attacker with permission to
monitor perf events to corrupt memory and possibly escalate privileges. The
highest threat from this vulnerability is to data confidentiality and
integrity as well as system availability.
Author | Note |
---|---|
sbeattie | access to the perf subsystem is restricted via either the CAP_PERFMON or CAP_SYS_ADMIN capabilities, or through loosened settings of the kernel.perf_event_paranoid sysctl. See https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html for more details. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux-raspi | < 5.4.0-1023.26 | UNKNOWN |
ubuntu | 20.10 | noarch | linux-raspi | < 5.8.0-1008.11 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-snapdragon | < 4.15.0-1091.100 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-snapdragon | < 4.4.0-1146.156 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-raspi-5.4 | < 5.4.0-1023.26~18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-gkeop-5.15 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-gke-5.4 | < 5.4.0-1030.32~18.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-gkeop-5.4 | < 5.4.0-1005.6 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-fde | < 5.4.0-1032.33 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-fde | < any | UNKNOWN |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14351
launchpad.net/bugs/cve/CVE-2020-14351
lore.kernel.org/lkml/[email protected]/
lore.kernel.org/lkml/20200916115311.GE2301783@krava/
nvd.nist.gov/vuln/detail/CVE-2020-14351
security-tracker.debian.org/tracker/CVE-2020-14351
ubuntu.com/security/notices/USN-4657-1
ubuntu.com/security/notices/USN-4658-1
ubuntu.com/security/notices/USN-4659-1
ubuntu.com/security/notices/USN-4660-1
ubuntu.com/security/notices/USN-4912-1
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
38.1%