CVE-2020-11884 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7 HIGH	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Vendor	Product	Version
linux	linux_kernel	4.15 ≤ 𝑥 < 4.19.119
linux	linux_kernel	4.20 ≤ 𝑥 < 5.4.36
linux	linux_kernel	5.5 ≤ 𝑥 < 5.6.8
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
canonical	ubuntu_linux	20.04
debian	debian_linux	10.0
netapp	active_iq_unified_manager	-
netapp	cloud_backup	-
netapp	element_software	-
netapp	hci_management_node	-
netapp	solidfire	-
netapp	steelstore_cloud_integrated_storage	-
netapp	solidfire_baseboard_management_controller	-
netapp	bootstrap_os	-
netapp	a700s_firmware	-
netapp	h300s_firmware	-
netapp	h500s_firmware	-
netapp	h700s_firmware	-
netapp	h300e_firmware	-
netapp	h500e_firmware	-
netapp	h700e_firmware	-
netapp	h410s_firmware	-
netapp	h410c_firmware	-
netapp	h610c_firmware	-
netapp	h610s_firmware	-
netapp	h410c_firmware	-

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
stretch	not-affected
jessie	not-affected
bullseye (security)	5.10.226-1 fixed
bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
trixie	6.11.5-1 fixed
sid	6.11.6-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

focal	Fixed 5.4.0-28.32 released
eoan	Fixed 5.3.0-51.44 released
bionic	Fixed 4.15.0-99.100 released
xenial	not-affected
trusty	not-affected

linux-aws

focal	not-affected
eoan	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-aws-5.0

focal	dne
eoan	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-aws-5.3

focal	dne
eoan	dne
bionic	Fixed 5.3.0-1019.21~18.04.1 released
xenial	dne
trusty	dne

linux-aws-hwe

focal	dne
eoan	dne
bionic	dne
xenial	not-affected
trusty	dne

linux-azure

focal	not-affected
eoan	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-azure-4.15

focal	dne
eoan	dne
bionic	Fixed 4.15.0-1083.93 released
xenial	dne
trusty	dne

linux-azure-5.3

focal	dne
eoan	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-azure-5.4

focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-azure-edge

focal	dne
eoan	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gcp

focal	not-affected
eoan	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-gcp-4.15

focal	dne
eoan	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gcp-5.3

focal	dne
eoan	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gcp-edge

focal	dne
eoan	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gke-4.15

focal	dne
eoan	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gke-5.0

focal	dne
eoan	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gke-5.3

focal	dne
eoan	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-hwe

focal	dne
eoan	dne
bionic	Fixed 5.3.0-51.44~18.04.2 released
xenial	Fixed 4.15.0-99.100~16.04.1 released
trusty	dne

linux-hwe-5.4

focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-hwe-edge

focal	dne
eoan	dne
bionic	ignored
xenial	ignored
trusty	dne

linux-kvm

focal	not-affected
eoan	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-lts-trusty

focal	dne
eoan	dne
bionic	dne
xenial	dne
trusty	dne

linux-lts-xenial

focal	dne
eoan	dne
bionic	dne
xenial	dne
trusty	not-affected

linux-oem

focal	dne
eoan	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-oem-5.6

focal	not-affected
eoan	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-osp1

focal	dne
eoan	not-affected
bionic	not-affected
xenial	dne
trusty	dne

linux-oracle

focal	not-affected
eoan	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-oracle-5.0

focal	dne
eoan	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-oracle-5.3

focal	dne
eoan	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-oracle-5.4

focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-raspi

focal	not-affected
eoan	dne
bionic	dne
xenial	dne
trusty	dne

linux-raspi-5.4

focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-raspi2

focal	not-affected
eoan	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-raspi2-5.3

focal	dne
eoan	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-riscv

focal	not-affected
eoan	dne
bionic	dne
xenial	dne
trusty	dne

linux-snapdragon

focal	dne
eoan	dne
bionic	not-affected
xenial	not-affected
trusty	dne

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/

https://security.netapp.com/advisory/ntap-20200608-0001/

https://usn.ubuntu.com/4342-1/

https://usn.ubuntu.com/4343-1/

https://usn.ubuntu.com/4345-1/

https://www.debian.org/security/2020/dsa-4667