CVE-2020-10732

LOW

Description

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.

References

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732

https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d

https://github.com/google/kmsan/issues/76

https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a

https://lore.kernel.org/lkml/[email protected]om/

https://security.netapp.com/advisory/ntap-20210129-0005/

https://twitter.com/grsecurity/status/1252558055629299712

https://usn.ubuntu.com/4411-1/

https://usn.ubuntu.com/4427-1/

https://usn.ubuntu.com/4439-1/

https://usn.ubuntu.com/4440-1/

https://usn.ubuntu.com/4485-1/

Details

Source: MITRE

Published: 2020-06-12

Updated: 2021-01-29

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 3.6

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 4.4

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Impact Score: 2.5

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Configuration 4

OR

cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*

cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

Configuration 5

AND

OR

cpe:2.3:o:netapp:aff_a700_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:aff_a700:-:*:*:*:*:*:*:*

Configuration 6

AND

OR

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 7

AND

OR

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 8

AND

OR

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 9

AND

OR

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 10

AND

OR

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 11

AND

OR

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 12

AND

OR

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 13

AND

OR

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 14

AND

OR

cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*

Configuration 15

AND

OR

cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*

Configuration 16

AND

OR

cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*

Tenable Plugins

View all (44 total)

IDNameProductFamilySeverity
147318NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2021-0078)NessusNewStart CGSL Local Security Checks
high
146282openSUSE Security Update : RT kernel (openSUSE-2021-242)NessusSuSE Local Security Checks
high
145806CentOS 8 : kernel (CESA-2020:4431)NessusCentOS Local Security Checks
high
144831EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2021-1056)NessusHuawei Local Security Checks
critical
142576EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2020-2443)NessusHuawei Local Security Checks
high
142430RHEL 8 : kernel (RHSA-2020:4431)NessusRed Hat Local Security Checks
high
142382RHEL 8 : kernel-rt (RHSA-2020:4609)NessusRed Hat Local Security Checks
high
142240EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-2353)NessusHuawei Local Security Checks
high
141727Scientific Linux Security Update : kernel on SL7.x x86_64 (20201001)NessusScientific Linux Local Security Checks
high
141619CentOS 7 : kernel (CESA-2020:4060)NessusCentOS Local Security Checks
high
141374OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044)NessusOracleVM Local Security Checks
critical
141057RHEL 7 : kernel (RHSA-2020:4060)NessusRed Hat Local Security Checks
high
141026RHEL 7 : kernel-rt (RHSA-2020:4062)NessusRed Hat Local Security Checks
high
140917EulerOS 2.0 SP3 : kernel (EulerOS-SA-2020-2150)NessusHuawei Local Security Checks
high
140378SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2487-1)NessusSuSE Local Security Checks
high
140361OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0041)NessusOracleVM Local Security Checks
high
140208Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5837)NessusOracle Linux Local Security Checks
high
140183Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4485-1)NessusUbuntu Local Security Checks
high
140141EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1920)NessusHuawei Local Security Checks
medium
139531Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5805)NessusOracle Linux Local Security Checks
low
139476Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5804)NessusOracle Linux Local Security Checks
high
139408SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2152-1)NessusSuSE Local Security Checks
high
139364SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2134-1)NessusSuSE Local Security Checks
high
139308SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2105-1)NessusSuSE Local Security Checks
high
139137EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1807)NessusHuawei Local Security Checks
high
139028Ubuntu 18.04 LTS : linux kernel vulnerabilities (USN-4440-1)NessusUbuntu Local Security Checks
high
139027Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4439-1)NessusUbuntu Local Security Checks
high
138854Amazon Linux 2 : kernel (ALAS-2020-1465)NessusAmazon Linux Local Security Checks
high
138836Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4427-1)NessusUbuntu Local Security Checks
high
138727openSUSE Security Update : the Linux Kernel (openSUSE-2020-935)NessusSuSE Local Security Checks
high
138679openSUSE Security Update : the Linux Kernel (openSUSE-2020-801)NessusSuSE Local Security Checks
high
138643Amazon Linux AMI : kernel (ALAS-2020-1401)NessusAmazon Linux Local Security Checks
high
138272SUSE SLES15 Security Update : kernel (SUSE-SU-2020:1663-1)NessusSuSE Local Security Checks
critical
138136Ubuntu 20.04 : Linux kernel vulnerabilities (USN-4411-1)NessusUbuntu Local Security Checks
medium
137781Photon OS 1.0: Linux PHSA-2020-1.0-0303NessusPhotonOS Local Security Checks
high
137617SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1605-1)NessusSuSE Local Security Checks
high
137616SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1603-1)NessusSuSE Local Security Checks
high
137615SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1602-1)NessusSuSE Local Security Checks
high
137613SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:1599-1)NessusSuSE Local Security Checks
high
137608SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1587-1)NessusSuSE Local Security Checks
high
137391Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-163-01)NessusSlackware Local Security Checks
high
137341Debian DSA-4699-1 : linux - security updateNessusDebian Local Security Checks
high
137340Debian DSA-4698-1 : linux - security updateNessusDebian Local Security Checks
high
137339Debian DLA-2242-1 : linux-4.9 security updateNessusDebian Local Security Checks
high