CVE-2020-14386

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.

References

https://seclists.org/oss-sec/2020/q3/146

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14386

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=acf69c946233259ab4d64f8869d4037a198c7f06

https://lists.fedoraproject.org/archives/list/[email protected]/message/RNCPXERMUHPSGF6S2VVFL5NVVPBBFB63/

https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html

http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

http://www.openwall.com/lists/oss-security/2021/09/17/2

http://www.openwall.com/lists/oss-security/2021/09/17/4

http://www.openwall.com/lists/oss-security/2021/09/21/1

Details

Source: MITRE

Published: 2020-09-16

Updated: 2021-12-10

Type: CWE-787

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.9.0:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.9.0:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.9.0:rc3:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Tenable Plugins

View all (43 total)

IDNameProductFamilySeverity
151419EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2021-2140)NessusHuawei Local Security Checks
high
147690EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1642)NessusHuawei Local Security Checks
high
147512EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1604)NessusHuawei Local Security Checks
high
147318NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2021-0078)NessusNewStart CGSL Local Security Checks
high
146282openSUSE Security Update : RT kernel (openSUSE-2021-242)NessusSuSE Local Security Checks
high
145986CentOS 8 : kernel (CESA-2020:4286)NessusCentOS Local Security Checks
high
145201EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)NessusHuawei Local Security Checks
high
144731EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1039)NessusHuawei Local Security Checks
high
144244EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-2549)NessusHuawei Local Security Checks
high
143844SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3225-1)NessusSuSE Local Security Checks
high
143840SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2623-1)NessusSuSE Local Security Checks
high
143784SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3014-1)NessusSuSE Local Security Checks
high
143767SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2610-1)NessusSuSE Local Security Checks
high
143236RHEL 8 : kernel (RHSA-2020:5199)NessusRed Hat Local Security Checks
high
142978Amazon Linux AMI : kernel (ALAS-2020-1446)NessusAmazon Linux Local Security Checks
high
142240EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-2353)NessusHuawei Local Security Checks
high
142176Debian DLA-2420-2 : linux regression updateNessusDebian Local Security Checks
high
142148EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2311)NessusHuawei Local Security Checks
high
141777Oracle Linux 8 : kernel (ELSA-2020-4286)NessusOracle Linux Local Security Checks
high
141606RHEL 8 : kernel (RHSA-2020:4286)NessusRed Hat Local Security Checks
high
141603RHEL 8 : kernel-rt (RHSA-2020:4289)NessusRed Hat Local Security Checks
high
141580RHEL 8 : kernel (RHSA-2020:4287)NessusRed Hat Local Security Checks
high
141396Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5885)NessusOracle Linux Local Security Checks
high
141395Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5884)NessusOracle Linux Local Security Checks
high
141388openSUSE Security Update : the Linux Kernel (openSUSE-2020-1655)NessusSuSE Local Security Checks
high
141332EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2166)NessusHuawei Local Security Checks
high
141329EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2176)NessusHuawei Local Security Checks
high
140933Debian DLA-2385-1 : linux-4.19 security updateNessusDebian Local Security Checks
high
140580Photon OS 3.0: Linux PHSA-2020-3.0-0140NessusPhotonOS Local Security Checks
high
140536Photon OS 2.0: Linux PHSA-2020-2.0-0282NessusPhotonOS Local Security Checks
high
140508Fedora 32 : kernel (2020-b858b48b23)NessusFedora Local Security Checks
high
140495Photon OS 1.0: Linux PHSA-2020-1.0-0323NessusPhotonOS Local Security Checks
high
140480SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2582-1)NessusSuSE Local Security Checks
critical
140478SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2578-1)NessusSuSE Local Security Checks
high
140477SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2577-1)NessusSuSE Local Security Checks
high
140476SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2576-1)NessusSuSE Local Security Checks
critical
140475SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2575-1)NessusSuSE Local Security Checks
high
140450Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : Linux kernel vulnerability (USN-4489-1)NessusUbuntu Local Security Checks
high
140449SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2574-1)NessusSuSE Local Security Checks
high
140443openSUSE Security Update : the Linux Kernel (openSUSE-2020-1382)NessusSuSE Local Security Checks
high
140442openSUSE Security Update : the Linux Kernel (openSUSE-2020-1379)NessusSuSE Local Security Checks
high
140210Amazon Linux AMI : kernel (ALAS-2020-1430)NessusAmazon Linux Local Security Checks
high
140209Amazon Linux 2 : kernel (ALAS-2020-1488)NessusAmazon Linux Local Security Checks
high