CVE-2020-10732

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
redhatCNA
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
linuxlinux_kernel
𝑥
< 3.16.85
linuxlinux_kernel
4.4 ≤
𝑥
< 4.4.226
linuxlinux_kernel
4.9 ≤
𝑥
< 4.9.226
linuxlinux_kernel
4.14 ≤
𝑥
< 4.14.183
linuxlinux_kernel
4.19 ≤
𝑥
< 4.19.126
linuxlinux_kernel
5.4 ≤
𝑥
< 5.4.44
linuxlinux_kernel
5.6 ≤
𝑥
< 5.6.16
opensuseleap
15.1
opensuseleap
15.2
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
20.04
netappactive_iq_unified_manager
9.5 ≤
netapphci_management_node
-
netappsolidfire
-
netappsteelstore_cloud_integrated_storage
-
netappaff_a700_firmware
-
netapph410c_firmware
-
netapph300s_firmware
-
netapph500s_firmware
-
netapph700s_firmware
-
netapph300e_firmware
-
netapph500e_firmware
-
netapph700e_firmware
-
netapph410s_firmware
-
netappaff_8300_firmware
-
netappaff_8700_firmware
-
netappaff_a400_firmware
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
jessie
ignored
bullseye (security)
5.10.226-1
fixed
bookworm
6.1.106-3
fixed
bookworm (security)
6.1.112-1
fixed
trixie
6.11.5-1
fixed
sid
6.11.6-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
focal
Fixed 5.4.0-40.44
released
eoan
ignored
bionic
Fixed 4.15.0-115.116
released
xenial
Fixed 4.4.0-186.216
released
trusty
ignored
linux-aws
focal
Fixed 5.4.0-1018.18
released
eoan
ignored
bionic
Fixed 4.15.0-1080.84
released
xenial
Fixed 4.4.0-1111.123
released
trusty
Fixed 4.4.0-1075.79
released
linux-aws-5.0
focal
dne
eoan
dne
bionic
ignored
xenial
dne
trusty
dne
linux-aws-5.3
focal
dne
eoan
dne
bionic
Fixed 5.3.0-1032.34~18.04.2
released
xenial
dne
trusty
dne
linux-aws-5.4
focal
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-aws-hwe
focal
dne
eoan
dne
bionic
dne
xenial
Fixed 4.15.0-1080.84~16.04.1
released
trusty
dne
linux-azure
focal
Fixed 5.4.0-1020.20
released
eoan
ignored
bionic
ignored
xenial
Fixed 4.15.0-1093.103~16.04.1
released
trusty
Fixed 4.15.0-1093.103~14.04.1
released
linux-azure-4.15
focal
dne
eoan
dne
bionic
Fixed 4.15.0-1093.103
released
xenial
dne
trusty
dne
linux-azure-5.3
focal
dne
eoan
dne
bionic
Fixed 5.3.0-1034.35~18.04.1
released
xenial
dne
trusty
dne
linux-azure-5.4
focal
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-azure-edge
focal
dne
eoan
dne
bionic
ignored
xenial
dne
trusty
dne
linux-gcp
focal
Fixed 5.4.0-1019.19
released
eoan
ignored
bionic
ignored
xenial
Fixed 4.15.0-1081.92~16.04.1
released
trusty
dne
linux-gcp-4.15
focal
dne
eoan
dne
bionic
Fixed 4.15.0-1081.92
released
xenial
dne
trusty
dne
linux-gcp-5.3
focal
dne
eoan
dne
bionic
Fixed 5.3.0-1032.34~18.04.1
released
xenial
dne
trusty
dne
linux-gcp-5.4
focal
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-gcp-edge
focal
dne
eoan
dne
bionic
ignored
xenial
dne
trusty
dne
linux-gke-4.15
focal
dne
eoan
dne
bionic
Fixed 4.15.0-1067.70
released
xenial
dne
trusty
dne
linux-gke-5.0
focal
dne
eoan
dne
bionic
Fixed 5.0.0-1045.46
released
xenial
dne
trusty
dne
linux-gke-5.3
focal
dne
eoan
dne
bionic
Fixed 5.3.0-1032.34~18.04.1
released
xenial
dne
trusty
dne
linux-hwe
focal
dne
eoan
dne
bionic
Fixed 5.3.0-64.58~18.04.1
released
xenial
Fixed 4.15.0-115.116~16.04.1
released
trusty
dne
linux-hwe-5.4
focal
dne
bionic
Fixed 5.4.0-40.44~18.04.1
released
xenial
dne
trusty
dne
linux-hwe-edge
focal
dne
eoan
dne
bionic
ignored
xenial
ignored
trusty
dne
linux-kvm
focal
Fixed 5.4.0-1018.18
released
eoan
ignored
bionic
Fixed 4.15.0-1072.73
released
xenial
Fixed 4.4.0-1077.84
released
trusty
dne
linux-lts-trusty
focal
dne
eoan
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-xenial
focal
dne
eoan
dne
bionic
dne
xenial
dne
trusty
Fixed 4.4.0-186.216~14.04.1
released
linux-oem
focal
dne
eoan
ignored
bionic
Fixed 4.15.0-1094.104
released
xenial
ignored
trusty
dne
linux-oem-5.6
focal
Fixed 5.6.0-1018.18
released
eoan
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem-osp1
focal
dne
eoan
ignored
bionic
Fixed 5.0.0-1065.70
released
xenial
dne
trusty
dne
linux-oracle
focal
Fixed 5.4.0-1019.19
released
eoan
ignored
bionic
Fixed 4.15.0-1051.55
released
xenial
Fixed 4.15.0-1051.55~16.04.1
released
trusty
dne
linux-oracle-5.0
focal
dne
eoan
dne
bionic
ignored
xenial
dne
trusty
dne
linux-oracle-5.3
focal
dne
eoan
dne
bionic
Fixed 5.3.0-1030.32~18.04.1
released
xenial
dne
trusty
dne
linux-oracle-5.4
focal
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-raspi
focal
Fixed 5.4.0-1013.13
released
eoan
dne
bionic
dne
xenial
dne
trusty
dne
linux-raspi-5.4
focal
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-raspi2
focal
ignored
eoan
ignored
bionic
Fixed 4.15.0-1068.72
released
xenial
Fixed 4.4.0-1136.145
released
trusty
dne
linux-raspi2-5.3
focal
dne
eoan
dne
bionic
Fixed 5.3.0-1030.32~18.04.2
released
xenial
dne
trusty
dne
linux-riscv
focal
Fixed 5.4.0-28.32
released
eoan
dne
bionic
dne
xenial
dne
trusty
dne
linux-snapdragon
focal
dne
eoan
dne
bionic
Fixed 4.15.0-1084.92
released
xenial
Fixed 4.4.0-1140.148
released
trusty
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d
https://github.com/google/kmsan/issues/76
https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a
https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg%40mail.gmail.com/
https://security.netapp.com/advisory/ntap-20210129-0005/
https://twitter.com/grsecurity/status/1252558055629299712
https://usn.ubuntu.com/4411-1/
https://usn.ubuntu.com/4427-1/
https://usn.ubuntu.com/4439-1/
https://usn.ubuntu.com/4440-1/
https://usn.ubuntu.com/4485-1/
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d
https://github.com/google/kmsan/issues/76
https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a
https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg%40mail.gmail.com/
https://security.netapp.com/advisory/ntap-20210129-0005/
https://twitter.com/grsecurity/status/1252558055629299712
https://usn.ubuntu.com/4411-1/
https://usn.ubuntu.com/4427-1/
https://usn.ubuntu.com/4439-1/
https://usn.ubuntu.com/4440-1/
https://usn.ubuntu.com/4485-1/