Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-10767

Good to know:

icon
icon

Date: September 15, 2020

A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.

Language: C

Severity Score

Related Resources (7)

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21998a351512eba4ed5969006f0c55882d995ada
https://nvd.nist.gov/vuln/detail/CVE-2020-10767
https://security-tracker.debian.org/tracker/CVE-2020-10767
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10767
https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10767
https://access.redhat.com/security/cve/CVE-2020-10767
https://www.mend.io/vulnerability-database/CVE-2020-10767

Severity Score

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Expected Behavior Violation

CWE-440

Top Fix

icon

Upgrade Version

Upgrade to version v5.8-rc1,v4.4.228,v4.9.228,v4.14.185,v4.19.129,v5.4.47,v5.7.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us