Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-14351
HistorySep 25, 2020 - 12:00 a.m.

CVE-2020-14351

2020-09-2500:00:00
ubuntu.com
ubuntu.com
32

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

38.1%

A flaw was found in the Linux kernel. A use-after-free memory flaw was
found in the perf subsystem allowing a local attacker with permission to
monitor perf events to corrupt memory and possibly escalate privileges. The
highest threat from this vulnerability is to data confidentiality and
integrity as well as system availability.

Notes

Author Note
sbeattie access to the perf subsystem is restricted via either the CAP_PERFMON or CAP_SYS_ADMIN capabilities, or through loosened settings of the kernel.perf_event_paranoid sysctl. See https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html for more details.

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

38.1%

Related for UB:CVE-2020-14351