CVE-2020-12769

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.

References

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d

https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html

https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html

https://lkml.org/lkml/2020/2/3/559

https://security.netapp.com/advisory/ntap-20200608-0001/

https://usn.ubuntu.com/4391-1/

Details

Source: MITRE

Published: 2020-05-09

Updated: 2020-07-07

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Tenable Plugins

View all (15 total)

IDNameProductFamilySeverity
146282openSUSE Security Update : RT kernel (openSUSE-2021-242)NessusSuSE Local Security Checks
high
140378SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2487-1)NessusSuSE Local Security Checks
medium
139308SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2105-1)NessusSuSE Local Security Checks
medium
138727openSUSE Security Update : the Linux Kernel (openSUSE-2020-935)NessusSuSE Local Security Checks
high
138679openSUSE Security Update : the Linux Kernel (openSUSE-2020-801)NessusSuSE Local Security Checks
medium
138272SUSE SLES15 Security Update : kernel (SUSE-SU-2020:1663-1)NessusSuSE Local Security Checks
critical
137617SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1605-1)NessusSuSE Local Security Checks
medium
137616SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1603-1)NessusSuSE Local Security Checks
medium
137615SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1602-1)NessusSuSE Local Security Checks
medium
137613SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:1599-1)NessusSuSE Local Security Checks
medium
137608SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1587-1)NessusSuSE Local Security Checks
medium
137391Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-163-01)NessusSlackware Local Security Checks
medium
137301Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4391-1)NessusUbuntu Local Security Checks
medium
137283Debian DLA-2241-2 : linux security updateNessusDebian Local Security Checks
medium
136870EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1592)NessusHuawei Local Security Checks
high