#VU47075 Resource management error


Published: 2020-09-16 | Updated: 2020-09-26

Vulnerability identifier: #VU47075

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-10767

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to gain access to sensitive information.

A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation is disabled when STIBP (Single Thread Indirect Branch Predictors) is not available or when Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local user to perform a Spectre V2 style attack when this configuration is active.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 5.0 - 5.7.7
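
The following triage script is an added example, not code from the vendor or the kernel project: it checks an x86 host for a kernel release inside the range listed above together with the configuration named in the description (no `stibp` CPU flag, or Enhanced IBRS reported as the Spectre v2 mitigation). The function names and verdict words are hypothetical; the version range is the one this page lists, and a distribution kernel inside it may already carry a backported fix.

```shell
#!/bin/sh
# Added triage example, not vendor code. The range 5.0 - 5.7.7 is the one this
# advisory lists; distribution kernels may carry a backported fix, so "review"
# means "check the vendor changelog", not "confirmed vulnerable".

# Exit 0 if the kernel release string falls in 5.0 - 5.7.7.
in_affected_range() {
    ver=${1%%[!0-9.]*}                 # "5.4.0-42-generic" -> "5.4.0"
    major=${ver%%.*}
    rest=${ver#*.};   [ "$rest" = "$ver" ] && rest=0
    minor=${rest%%.*}
    patch=${rest#*.}; [ "$patch" = "$rest" ] && patch=0
    patch=${patch%%.*}
    major=${major:-0}; minor=${minor:-0}; patch=${patch:-0}
    [ "$major" -eq 5 ] || return 1
    [ "$minor" -le 7 ] || return 1
    [ "$minor" -lt 7 ] || [ "$patch" -le 7 ]
}

# Exit 0 if the configuration named in the description is present:
# STIBP missing from the CPU flags, or Enhanced IBRS selected as the mitigation.
ibpb_drop_condition() {
    case " $1 " in *" stibp "*) ;; *) return 0 ;; esac
    case "$2" in *"Enhanced IBRS"*) return 0 ;; esac
    return 1
}

# triage RELEASE CPU_FLAGS SPECTRE_V2_STATUS -> prints one verdict word
triage() {
    if ! in_affected_range "$1"; then echo "outside-range"
    elif ibpb_drop_condition "$2" "$3"; then echo "review"
    else echo "condition-absent"
    fi
}

# Live host values (empty strings if the files are missing).
flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null || true)
status=$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 2>/dev/null || true)
echo "kernel=$(uname -r) verdict=$(triage "$(uname -r)" "$flags" "$status")"
echo "spectre_v2: ${status:-unavailable}"
```

On a host that returns `review`, compare the IBPB state printed in the `spectre_v2` line against the vendor's fixed package version before deciding whether an update is still outstanding.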


External links
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10767
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21998a351512eba4ed5969006f0c55882d995ada

