A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732
https://github.com/google/kmsan/issues/76
https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a
https://twitter.com/grsecurity/status/1252558055629299712
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
https://lore.kernel.org/lkml/[email protected]om/
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
https://usn.ubuntu.com/4411-1/
https://usn.ubuntu.com/4427-1/
https://usn.ubuntu.com/4439-1/
https://usn.ubuntu.com/4440-1/
Source: MITRE
Published: 2020-06-12
Updated: 2021-12-21
Type: CWE-908
Base Score: 3.6
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Impact Score: 4.9
Exploitability Score: 3.9
Severity: LOW
Base Score: 4.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Impact Score: 2.5
Exploitability Score: 1.8
Severity: MEDIUM