CVE-2020-12351 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
intel	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Vendor	Product	Version
linux	linux_kernel	4.7.7 ≤ 𝑥 < 4.9.240
linux	linux_kernel	4.10 ≤ 𝑥 < 4.14.202
linux	linux_kernel	4.15 ≤ 𝑥 < 4.19.152
linux	linux_kernel	4.20 ≤ 𝑥 < 5.4.72
linux	linux_kernel	5.5 ≤ 𝑥 < 5.8.16
linux	linux_kernel	5.9.0
linux	linux_kernel	5.9.0:rc1
linux	linux_kernel	5.9.0:rc2
linux	linux_kernel	5.9.0:rc3
linux	linux_kernel	5.9.0:rc4
linux	linux_kernel	5.9.0:rc5
linux	linux_kernel	5.9.0:rc6
linux	linux_kernel	5.9.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.226-1 fixed
bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
sid	6.11.5-1 fixed
trixie	6.11.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

groovy	not-affected
focal	Fixed 5.4.0-52.57 released
bionic	Fixed 4.15.0-122.124 released
xenial	not-affected
trusty	not-affected

linux-aws

groovy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-aws-5.0

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-aws-5.3

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-aws-5.4

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-aws-hwe

groovy	dne
focal	dne
bionic	dne
xenial	not-affected
trusty	dne

linux-azure

groovy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-azure-4.15

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-azure-5.3

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-azure-5.4

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-azure-edge

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gcp

groovy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-gcp-4.15

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gcp-5.3

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gcp-5.4

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gcp-edge

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gke-4.15

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gke-5.0

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gke-5.3

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gke-5.4

groovy	dne
focal	dne
bionic	pending
xenial	dne
trusty	dne

linux-gkeop-5.4

groovy	dne
focal	dne
bionic	pending
xenial	dne
trusty	dne

linux-hwe

groovy	dne
focal	dne
bionic	ignored
xenial	Fixed 4.15.0-122.124~16.04.1 released
trusty	dne

linux-hwe-5.4

groovy	dne
focal	dne
bionic	Fixed 5.4.0-52.57~18.04.1 released
xenial	dne
trusty	dne

linux-hwe-5.8

groovy	dne
focal	pending
bionic	dne
xenial	dne
trusty	dne

linux-hwe-edge

groovy	dne
focal	dne
bionic	ignored
xenial	ignored
trusty	dne

linux-kvm

groovy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-lts-trusty

groovy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lts-xenial

groovy	dne
focal	dne
bionic	dne
xenial	dne
trusty	not-affected

linux-oem

groovy	dne
focal	dne
bionic	Fixed 4.15.0-1100.110 released
xenial	ignored
trusty	dne

linux-oem-5.6

groovy	dne
focal	Fixed 5.6.0-1032.33 released
bionic	dne
xenial	dne
trusty	dne

linux-oem-osp1

groovy	dne
focal	dne
bionic	Fixed 5.0.0-1070.76 released
xenial	dne
trusty	dne

linux-oracle

groovy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-oracle-5.0

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-oracle-5.3

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-oracle-5.4

groovy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-raspi

groovy	not-affected
focal	Fixed 5.4.0-1022.25 released
bionic	dne
xenial	dne
trusty	dne

linux-raspi-5.4

groovy	dne
focal	dne
bionic	Fixed 5.4.0-1022.25~18.04.1 released
xenial	dne
trusty	dne

linux-raspi2

groovy	dne
focal	ignored
bionic	Fixed 4.15.0-1074.79 released
xenial	not-affected
trusty	dne

linux-raspi2-5.3

groovy	dne
focal	dne
bionic	Fixed 5.3.0-1036.38 released
xenial	dne
trusty	dne

linux-riscv

groovy	not-affected
focal	Fixed 5.4.0-37.42 released
bionic	dne
xenial	dne
trusty	dne

linux-snapdragon

groovy	dne
focal	dne
bionic	Fixed 4.15.0-1090.99 released
xenial	not-affected
trusty	dne

Known Exploits!

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351

http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351