CVE-2020-10732medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
References
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732
https://github.com/google/kmsan/issues/76
https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a
https://lore.kernel.org/lkml/[email protected]om/
https://security.netapp.com/advisory/ntap-20210129-0005/
https://twitter.com/grsecurity/status/1252558055629299712
https://usn.ubuntu.com/4411-1/
https://usn.ubuntu.com/4427-1/
https://usn.ubuntu.com/4439-1/
Details
Source: MITRE
Published: 2020-06-12
Updated: 2021-01-29
Type: CWE-200
Risk Information
CVSS v2
Base Score: 3.6
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Impact Score: 4.9
Exploitability Score: 3.9
Severity: LOW
CVSS v3
Base Score: 4.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Impact Score: 2.5
Exploitability Score: 1.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Configuration 3
OR
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Configuration 4
OR
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Configuration 5
AND
OR
OR
Configuration 6
AND
OR
OR
Configuration 7
AND
OR
OR
Configuration 8
AND
OR
OR
Configuration 9
AND
OR
OR
Configuration 10
AND
OR
OR
Configuration 11
AND
OR
OR
Configuration 12
AND
OR
OR
Configuration 13
AND
OR
OR
Configuration 14
AND
OR
OR
Configuration 15
AND
OR
OR
Configuration 16
AND
OR
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150665 | SUSE SLES11 Security Update : kernel (SUSE-SU-2020:14442-1) | Nessus | SuSE Local Security Checks | high |
| 147318 | NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2021-0078) | Nessus | NewStart CGSL Local Security Checks | high |
| 146282 | openSUSE Security Update : RT kernel (openSUSE-2021-242) | Nessus | SuSE Local Security Checks | high |
| 145806 | CentOS 8 : kernel (CESA-2020:4431) | Nessus | CentOS Local Security Checks | medium |
| 144831 | EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2021-1056) | Nessus | Huawei Local Security Checks | critical |
| 142576 | EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2020-2443) | Nessus | Huawei Local Security Checks | high |
| 142430 | RHEL 8 : kernel (RHSA-2020:4431) | Nessus | Red Hat Local Security Checks | medium |
| 142382 | RHEL 8 : kernel-rt (RHSA-2020:4609) | Nessus | Red Hat Local Security Checks | medium |
| 142240 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-2353) | Nessus | Huawei Local Security Checks | high |
| 141727 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20201001) | Nessus | Scientific Linux Local Security Checks | high |
| 141619 | CentOS 7 : kernel (CESA-2020:4060) | Nessus | CentOS Local Security Checks | high |
| 141374 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044) | Nessus | OracleVM Local Security Checks | critical |
| 141057 | RHEL 7 : kernel (RHSA-2020:4060) | Nessus | Red Hat Local Security Checks | high |
| 141026 | RHEL 7 : kernel-rt (RHSA-2020:4062) | Nessus | Red Hat Local Security Checks | high |
| 140917 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2020-2150) | Nessus | Huawei Local Security Checks | medium |
| 140378 | SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2487-1) | Nessus | SuSE Local Security Checks | medium |
| 140361 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0041) | Nessus | OracleVM Local Security Checks | medium |
| 140328 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1958) | Nessus | Huawei Local Security Checks | high |
| 140208 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5837) | Nessus | Oracle Linux Local Security Checks | medium |
| 140183 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4485-1) | Nessus | Ubuntu Local Security Checks | high |
| 140141 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1920) | Nessus | Huawei Local Security Checks | medium |
| 139531 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5805) | Nessus | Oracle Linux Local Security Checks | medium |
| 139476 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5804) | Nessus | Oracle Linux Local Security Checks | high |
| 139408 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2152-1) | Nessus | SuSE Local Security Checks | high |
| 139364 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2134-1) | Nessus | SuSE Local Security Checks | high |
| 139308 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2105-1) | Nessus | SuSE Local Security Checks | medium |
| 139137 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1807) | Nessus | Huawei Local Security Checks | high |
| 139028 | Ubuntu 18.04 LTS : linux kernel vulnerabilities (USN-4440-1) | Nessus | Ubuntu Local Security Checks | medium |
| 139027 | Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4439-1) | Nessus | Ubuntu Local Security Checks | medium |
| 138854 | Amazon Linux 2 : kernel (ALAS-2020-1465) | Nessus | Amazon Linux Local Security Checks | high |
| 138836 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4427-1) | Nessus | Ubuntu Local Security Checks | high |
| 138727 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-935) | Nessus | SuSE Local Security Checks | high |
| 138679 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-801) | Nessus | SuSE Local Security Checks | medium |
| 138643 | Amazon Linux AMI : kernel (ALAS-2020-1401) | Nessus | Amazon Linux Local Security Checks | high |
| 138272 | SUSE SLES15 Security Update : kernel (SUSE-SU-2020:1663-1) | Nessus | SuSE Local Security Checks | critical |
| 138136 | Ubuntu 20.04 : Linux kernel vulnerabilities (USN-4411-1) | Nessus | Ubuntu Local Security Checks | medium |
| 137781 | Photon OS 1.0: Linux PHSA-2020-1.0-0303 | Nessus | PhotonOS Local Security Checks | high |
| 137617 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1605-1) | Nessus | SuSE Local Security Checks | medium |
| 137616 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1603-1) | Nessus | SuSE Local Security Checks | medium |
| 137615 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1602-1) | Nessus | SuSE Local Security Checks | medium |
| 137613 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:1599-1) | Nessus | SuSE Local Security Checks | medium |
| 137608 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1587-1) | Nessus | SuSE Local Security Checks | medium |
| 137391 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-163-01) | Nessus | Slackware Local Security Checks | medium |
| 137341 | Debian DSA-4699-1 : linux - security update | Nessus | Debian Local Security Checks | medium |
| 137340 | Debian DSA-4698-1 : linux - security update | Nessus | Debian Local Security Checks | medium |
| 137339 | Debian DLA-2242-1 : linux-4.9 security update | Nessus | Debian Local Security Checks | medium |