CVE-2020-10774

Published: 27 May 2021

A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.

Notes

Author	Note
sbeattie	RHEL8 only

Priority

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package	Release	Status
linux-aws Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Not vulnerable (RHEL 8 kernel only)
	focal	Not vulnerable (RHEL 8 kernel only)
	trusty	Ignored (was not-affected (RHEL 8 kernel only) ESM criteria)
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Not vulnerable (RHEL 8 kernel only)
linux-aws-5.0 Launchpad, Ubuntu, Debian	bionic	Ignored (end of life, was not-affected)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-gcp Launchpad, Ubuntu, Debian	bionic	Ignored (end of life, was not-affected)
	eoan	Not vulnerable (RHEL 8 kernel only)
	focal	Not vulnerable (RHEL 8 kernel only)
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Not vulnerable (RHEL 8 kernel only)
linux-gcp-4.15 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-oem-osp1 Launchpad, Ubuntu, Debian	focal	Does not exist
	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Not vulnerable (RHEL 8 kernel only)
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-raspi Launchpad, Ubuntu, Debian	bionic	Does not exist
	eoan	Does not exist
	focal	Not vulnerable (RHEL 8 kernel only)
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Not vulnerable (RHEL 8 kernel only)
	focal	Not vulnerable (RHEL 8 kernel only)
	trusty	Ignored (was not-affected (RHEL 8 kernel only) ESM criteria)
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Not vulnerable (RHEL 8 kernel only)
linux-aws-5.3 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-aws-hwe Launchpad, Ubuntu, Debian	bionic	Does not exist
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Not vulnerable (RHEL 8 kernel only)
linux-azure Launchpad, Ubuntu, Debian	bionic	Ignored (end of life, was not-affected)
	eoan	Not vulnerable (RHEL 8 kernel only)
	focal	Not vulnerable (RHEL 8 kernel only)
	trusty	Ignored (was not-affected (RHEL 8 kernel only) ESM criteria)
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Not vulnerable (RHEL 8 kernel only)
linux-azure-4.15 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-azure-5.3 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-azure-edge Launchpad, Ubuntu, Debian	bionic	Ignored (end of life, was not-affected)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-gcp-5.3 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-gcp-edge Launchpad, Ubuntu, Debian	bionic	Ignored (end of life, was not-affected)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-gke-4.15 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-gke-5.0 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-gke-5.3 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-hwe Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Not vulnerable (RHEL 8 kernel only)
linux-hwe-edge Launchpad, Ubuntu, Debian	bionic	Ignored (end of life, was not-affected)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Ignored (end of life, was not-affected)
linux-kvm Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Not vulnerable (RHEL 8 kernel only)
	focal	Not vulnerable (RHEL 8 kernel only)
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Not vulnerable (RHEL 8 kernel only)
linux-lts-trusty Launchpad, Ubuntu, Debian	bionic	Does not exist
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-lts-xenial Launchpad, Ubuntu, Debian	bionic	Does not exist
	eoan	Does not exist
	focal	Does not exist
	trusty	Ignored (was not-affected (RHEL 8 kernel only) ESM criteria)
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-oem Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Not vulnerable (RHEL 8 kernel only)
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Ignored (end of standard support, was not-affected)
linux-oem-5.6 Launchpad, Ubuntu, Debian	bionic	Does not exist
	eoan	Does not exist
	focal	Not vulnerable (RHEL 8 kernel only)
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-oracle Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Not vulnerable (RHEL 8 kernel only)
	focal	Not vulnerable (RHEL 8 kernel only)
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Not vulnerable (RHEL 8 kernel only)
linux-oracle-5.0 Launchpad, Ubuntu, Debian	bionic	Ignored (end of life, was not-affected)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-oracle-5.3 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-raspi2 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Not vulnerable (RHEL 8 kernel only)
	focal	Ignored (end of life, was not-affected)
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Not vulnerable (RHEL 8 kernel only)
linux-raspi2-5.3 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-riscv Launchpad, Ubuntu, Debian	bionic	Does not exist
	eoan	Does not exist
	focal	Not vulnerable (RHEL 8 kernel only)
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Does not exist
linux-snapdragon Launchpad, Ubuntu, Debian	bionic	Not vulnerable (RHEL 8 kernel only)
	eoan	Does not exist
	focal	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (RHEL 8 kernel only)
	xenial	Not vulnerable (RHEL 8 kernel only)

Severity score breakdown

Parameter	Value
Base score	5.5
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	None
Availability impact	None
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›