CVE-2020-11884
Published: 28 April 2020
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
From the Ubuntu Security Team
Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Notes
| Author | Note |
|---|---|
| sbeattie | this issue only affects s390 kernels |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-99.100)
|
| eoan |
Released
(5.3.0-51.44)
|
|
| focal |
Released
(5.4.0-28.32)
|
|
| precise |
Not vulnerable
(pre 4.15)
|
|
| trusty |
Not vulnerable
(pre 4.15)
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Not vulnerable
(pre 4.15)
|
|
|
Patches: Introduced by 0aaba41b58bc5f3074c0c0a6136b9500b5e29e19 |
||
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Not vulnerable
(s390 only)
|
|
| focal |
Not vulnerable
(s390 only)
|
|
| precise |
Does not exist
|
|
| trusty |
Not vulnerable
(s390 only)
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Not vulnerable
(s390 only)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1019.21~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Not vulnerable
(s390 only)
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Not vulnerable
(s390 only)
|
|
| focal |
Not vulnerable
(s390 only)
|
|
| precise |
Does not exist
|
|
| trusty |
Not vulnerable
(s390 only)
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Not vulnerable
(s390 only)
|
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1083.93)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-1020.20~18.04.1)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Not vulnerable
(s390 only)
|
|
| focal |
Not vulnerable
(s390 only)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Not vulnerable
(s390 only)
|
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1071.81)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-51.44~18.04.2)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Released
(4.15.0-99.100~16.04.1)
|
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-37.41~18.04.1)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Not vulnerable
(s390 only)
|
|
| focal |
Not vulnerable
(s390 only)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Not vulnerable
(s390 only)
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Not vulnerable
(pre 4.15)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Not vulnerable
(pre 4.15)
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Not vulnerable
(s390 only)
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Not vulnerable
(s390 only)
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Not vulnerable
(s390 only)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Not vulnerable
(s390 only)
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Not vulnerable
(s390 only)
|
|
| focal |
Not vulnerable
(s390 only)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Not vulnerable
(s390 only)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Not vulnerable
(s390 only)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-1013.13~18.04.1)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Not vulnerable
(s390 only)
|
|
| focal |
Not vulnerable
(s390 only)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Not vulnerable
(s390 only)
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-riscv Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Not vulnerable
(s390 only)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(s390 only)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7~rc4)
|
|
| xenial |
Not vulnerable
(s390 only)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.0 |
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |