Information Disclosure

2020-07-2303:17:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

JSON

kernel is vulnerable to information disclosure. The prctl() function can be used to enable indirect branch speculation even after it has been disabled. This same call will incorrectly report it being ‘force disabled’ when it is not.

CPENameOperatorVersion
kernel-rteq4.18.0__193.12.1.rt13.63.el8_2
kerneleq4.18.0__147.6.el8
kerneleq4.18.0__193.12.1.el8_2
kerneleq4.18.0__193.1.2.el8_2
kerneleq4.18.0__147.3.1.el8_1
kerneleq4.18.0__177.el8
kerneleq4.18.0__187.el8
kerneleq4.18.0__80.1.2.el8_0
kerneleq4.18.0__168.el8
kerneleq4.18.0__193.el8

Name	Operator	Version
kernel-rt	eq	4.18.0__193.12.1.rt13.63.el8_2
kernel	eq	4.18.0__147.6.el8
kernel	eq	4.18.0__193.12.1.el8_2
kernel	eq	4.18.0__193.1.2.el8_2
kernel	eq	4.18.0__147.3.1.el8_1
kernel	eq	4.18.0__177.el8
kernel	eq	4.18.0__187.el8
kernel	eq	4.18.0__80.1.2.el8_0
kernel	eq	4.18.0__168.el8
kernel	eq	4.18.0__193.el8