CVE-2020-10768

LOW

Description

A flaw was found in the prctl() function of the Linux kernel before 5.8-rc1: the call can be used to enable indirect branch speculation after it has been disabled. The call incorrectly reports indirect branch speculation as being 'force disabled' when it is not, which opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10768

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf

Details

Source: MITRE

Published: 2020-09-16

Updated: 2020-09-22

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147512 | EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1604) | Nessus | Huawei Local Security Checks | high |
| 146282 | openSUSE Security Update : RT kernel (openSUSE-2021-242) | Nessus | SuSE Local Security Checks | high |
| 140378 | SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2487-1) | Nessus | SuSE Local Security Checks | high |
| 140328 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1958) | Nessus | Huawei Local Security Checks | high |
| 140183 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4485-1) | Nessus | Ubuntu Local Security Checks | high |
| 140181 | Ubuntu 18.04 LTS / 20.04 : Linux kernel vulnerabilities (USN-4483-1) | Nessus | Ubuntu Local Security Checks | high |
| 139995 | EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1892) | Nessus | Huawei Local Security Checks | high |
| 139551 | Debian DLA-2323-1 : linux-4.19 new package | Nessus | Debian Local Security Checks | high |
| 139531 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5805) | Nessus | Oracle Linux Local Security Checks | low |
| 139476 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5804) | Nessus | Oracle Linux Local Security Checks | high |
| 139401 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-1153) | Nessus | SuSE Local Security Checks | high |
| 139364 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2134-1) | Nessus | SuSE Local Security Checks | high |
| 139362 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2121-1) | Nessus | SuSE Local Security Checks | high |
| 139310 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2107-1) | Nessus | SuSE Local Security Checks | high |
| 139309 | SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2106-1) | Nessus | SuSE Local Security Checks | high |
| 139308 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2105-1) | Nessus | SuSE Local Security Checks | high |
| 139187 | RHEL 8 : kernel (RHSA-2020:3222) | Nessus | Red Hat Local Security Checks | high |
| 139137 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1807) | Nessus | Huawei Local Security Checks | high |
| 139028 | Ubuntu 18.04 LTS : linux kernel vulnerabilities (USN-4440-1) | Nessus | Ubuntu Local Security Checks | high |
| 139027 | Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4439-1) | Nessus | Ubuntu Local Security Checks | high |
| 138854 | Amazon Linux 2 : kernel (ALAS-2020-1465) | Nessus | Amazon Linux Local Security Checks | high |
| 138836 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4427-1) | Nessus | Ubuntu Local Security Checks | high |
| 138807 | RHEL 8 : kernel-rt (RHSA-2020:3016) | Nessus | Red Hat Local Security Checks | high |
| 138805 | RHEL 8 : kernel (RHSA-2020:3010) | Nessus | Red Hat Local Security Checks | high |
| 138798 | RHEL 8 : kernel (RHSA-2020:3041) | Nessus | Red Hat Local Security Checks | medium |
| 138727 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-935) | Nessus | SuSE Local Security Checks | high |
| 138643 | Amazon Linux AMI : kernel (ALAS-2020-1401) | Nessus | Amazon Linux Local Security Checks | high |
| 138288 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1713-1) | Nessus | SuSE Local Security Checks | low |
| 138284 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1699-1) | Nessus | SuSE Local Security Checks | high |
| 138283 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1693-1) | Nessus | SuSE Local Security Checks | high |
| 138190 | Photon OS 2.0: Linux PHSA-2020-2.0-0256 | Nessus | PhotonOS Local Security Checks | high |
| 138181 | Photon OS 3.0: Linux PHSA-2020-3.0-0108 | Nessus | PhotonOS Local Security Checks | high |
| 137732 | Fedora 31 : kernel (2020-1b2dae6219) | Nessus | Fedora Local Security Checks | low |
| 137677 | Fedora 32 : kernel (2020-125ccdc871) | Nessus | Fedora Local Security Checks | low |