Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-27170
HistoryMar 18, 2021 - 12:00 a.m.

CVE-2020-27170

2021-03-1800:00:00
ubuntu.com
ubuntu.com
45

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

17.2%

An issue was discovered in the Linux kernel before 5.11.8.
kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on
pointer arithmetic, leading to side-channel attacks that defeat Spectre
mitigations and obtain sensitive information from kernel memory, aka
CID-f232326f6966. This affects pointer types that do not define a
ptr_limit.

Notes

Author Note
alexmurray According to the upstream advisory, f232326f6966cf2a1d1db7bc917a4ce5f9f55f76 is the minimal fix but the whole series should be applied together
sbeattie kernels before 4.15 are not affected by this.

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

17.2%