Home > Vulnerability Database > CVE-2020-10768

Mend.io Vulnerability Database

CVE-2020-10768

Good to know:

Date: September 15, 2020

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.

Language: C

Severity Score

5.5

Related Resources (7)

Url: https://security-tracker.debian.org/tracker/CVE-2020-10768

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-10768

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10768

Url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10768

Url: https://access.redhat.com/security/cve/CVE-2020-10768

Url: https://www.mend.io/vulnerability-database/CVE-2020-10768

Severity Score

5.5

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Expected Behavior Violation

CWE-440

Top Fix

Upgrade Version

Upgrade to version v5.8-rc1,v5.7.3,v5.4.47,v4.19.129,v4.14.185,v4.9.228,v4.4.228

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-10768

Good to know:

Date: September 15, 2020

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?