A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732
https://github.com/google/kmsan/issues/76
https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a
https://lore.kernel.org/lkml/[email protected]om/
https://security.netapp.com/advisory/ntap-20210129-0005/
https://twitter.com/grsecurity/status/1252558055629299712
https://usn.ubuntu.com/4411-1/
https://usn.ubuntu.com/4427-1/
https://usn.ubuntu.com/4439-1/
Source: MITRE
Published: 2020-06-12
Updated: 2021-01-29
Type: CWE-200
Base Score: 3.6
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Impact Score: 4.9
Exploitability Score: 3.9
Severity: LOW
Base Score: 4.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Impact Score: 2.5
Exploitability Score: 1.8
Severity: MEDIUM
OR
OR
OR
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
OR
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
AND
OR
OR
AND
OR
OR
AND
OR
OR
AND
OR
OR
AND
OR
OR
AND
OR
OR
AND
OR
OR
AND
OR
OR
AND
OR
OR
AND
OR
OR
AND
OR
OR
AND
OR
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
147318 | NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2021-0078) | Nessus | NewStart CGSL Local Security Checks | high |
146282 | openSUSE Security Update : RT kernel (openSUSE-2021-242) | Nessus | SuSE Local Security Checks | high |
145806 | CentOS 8 : kernel (CESA-2020:4431) | Nessus | CentOS Local Security Checks | high |
144831 | EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2021-1056) | Nessus | Huawei Local Security Checks | critical |
142576 | EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2020-2443) | Nessus | Huawei Local Security Checks | high |
142430 | RHEL 8 : kernel (RHSA-2020:4431) | Nessus | Red Hat Local Security Checks | high |
142382 | RHEL 8 : kernel-rt (RHSA-2020:4609) | Nessus | Red Hat Local Security Checks | high |
142240 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-2353) | Nessus | Huawei Local Security Checks | high |
141727 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20201001) | Nessus | Scientific Linux Local Security Checks | high |
141619 | CentOS 7 : kernel (CESA-2020:4060) | Nessus | CentOS Local Security Checks | high |
141374 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044) | Nessus | OracleVM Local Security Checks | critical |
141057 | RHEL 7 : kernel (RHSA-2020:4060) | Nessus | Red Hat Local Security Checks | high |
141026 | RHEL 7 : kernel-rt (RHSA-2020:4062) | Nessus | Red Hat Local Security Checks | high |
140917 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2020-2150) | Nessus | Huawei Local Security Checks | high |
140378 | SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2487-1) | Nessus | SuSE Local Security Checks | high |
140361 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0041) | Nessus | OracleVM Local Security Checks | high |
140208 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5837) | Nessus | Oracle Linux Local Security Checks | high |
140183 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4485-1) | Nessus | Ubuntu Local Security Checks | high |
140141 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1920) | Nessus | Huawei Local Security Checks | medium |
139531 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5805) | Nessus | Oracle Linux Local Security Checks | low |
139476 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5804) | Nessus | Oracle Linux Local Security Checks | high |
139408 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2152-1) | Nessus | SuSE Local Security Checks | high |
139364 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2134-1) | Nessus | SuSE Local Security Checks | high |
139308 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2105-1) | Nessus | SuSE Local Security Checks | high |
139137 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1807) | Nessus | Huawei Local Security Checks | high |
139028 | Ubuntu 18.04 LTS : linux kernel vulnerabilities (USN-4440-1) | Nessus | Ubuntu Local Security Checks | high |
139027 | Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4439-1) | Nessus | Ubuntu Local Security Checks | high |
138854 | Amazon Linux 2 : kernel (ALAS-2020-1465) | Nessus | Amazon Linux Local Security Checks | high |
138836 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4427-1) | Nessus | Ubuntu Local Security Checks | high |
138727 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-935) | Nessus | SuSE Local Security Checks | high |
138679 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-801) | Nessus | SuSE Local Security Checks | high |
138643 | Amazon Linux AMI : kernel (ALAS-2020-1401) | Nessus | Amazon Linux Local Security Checks | high |
138272 | SUSE SLES15 Security Update : kernel (SUSE-SU-2020:1663-1) | Nessus | SuSE Local Security Checks | critical |
138136 | Ubuntu 20.04 : Linux kernel vulnerabilities (USN-4411-1) | Nessus | Ubuntu Local Security Checks | medium |
137781 | Photon OS 1.0: Linux PHSA-2020-1.0-0303 | Nessus | PhotonOS Local Security Checks | high |
137617 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1605-1) | Nessus | SuSE Local Security Checks | high |
137616 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1603-1) | Nessus | SuSE Local Security Checks | high |
137615 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1602-1) | Nessus | SuSE Local Security Checks | high |
137613 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:1599-1) | Nessus | SuSE Local Security Checks | high |
137608 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1587-1) | Nessus | SuSE Local Security Checks | high |
137391 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-163-01) | Nessus | Slackware Local Security Checks | high |
137341 | Debian DSA-4699-1 : linux - security update | Nessus | Debian Local Security Checks | high |
137340 | Debian DSA-4698-1 : linux - security update | Nessus | Debian Local Security Checks | high |
137339 | Debian DLA-2242-1 : linux-4.9 security update | Nessus | Debian Local Security Checks | high |