CVE-2020-10766

MEDIUM5.5

A logic bug flaw was found in Linux kernel before 5

Published Sep 15, 2020

Modified 1 years ago

No fix available

Details

A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality.

References

WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10766 WEBhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbbe2ad02e9df26e372f38cc3e70dab9222c832e ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2020-10766

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weakness Type (CWE)

Other

CWE-440

Ecosystems

Timeline

PublishedSep 15, 2020

ModifiedAug 4, 2024