CVE-2020-14386

Published: Sep 16, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.

Affected (11)

Products: Linux: Linux Kernel · Debian: Debian Linux · Fedoraproject: Fedora · +1 more

Show all products

Linux: Linux Kernel · Debian: Debian Linux · Fedoraproject: Fedora · Opensuse: Leap

1 product

1 product

1 product

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.10 to 4.14.201
Linux Linux Kernel	From 4.15 to 4.19.150
Linux Linux Kernel	From 4.20 to 5.4.64
Linux Linux Kernel	From 4.6 to 4.9.239
Linux Linux Kernel	From 5.5 to 5.8.8
Linux Linux Kernel	Version 5.9.0 rc1
Linux Linux Kernel	Version 5.9.0 rc2
Linux Linux Kernel	Version 5.9.0 rc3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Related CWEs

Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (24)

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2021/09/17/2

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/09/17/4

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/09/21/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14386

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=acf69c946233259ab4d64f8869d4037a198c7f06

Source: secalert@redhat.com

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNCPXERMUHPSGF6S2VVFL5NVVPBBFB63/

Source: secalert@redhat.com

https://seclists.org/oss-sec/2020/q3/146

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2021/09/17/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/09/17/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/09/21/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14386

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=acf69c946233259ab4d64f8869d4037a198c7f06

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNCPXERMUHPSGF6S2VVFL5NVVPBBFB63/

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/oss-sec/2020/q3/146

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

Timeline

No history available yet.