CVE-2020-8832

The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840	Issue Tracking Third Party Advisory
https://security.netapp.com/advisory/ntap-20200430-0004/	Third Party Advisory
https://usn.ubuntu.com/usn/usn-4302-1	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::*
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:aff_a220_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a220:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netapp:aff_a320_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a320:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:aff_c190_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_c190:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:netapp:fas_baseboard_management_controller_a220_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller_a220:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:netapp:fas_baseboard_management_controller_a320_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller_a320:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:netapp:fas_baseboard_management_controller_a400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller_a400:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:netapp:fas_baseboard_management_controller_a800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller_a800:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:netapp:fas_baseboard_management_controller_c190_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller_c190:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Configuration 31 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

History

11 Oct 2022, 19:29

Type	Values Removed	Values Added
CPE		cpe:2.3:h:netapp:fas2720:-:::::::* cpe:2.3:o:netapp:fas_baseboard_management_controller_c190_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:::::::* cpe:2.3:h:netapp:aff_8300:-:::::::* cpe:2.3:o:netapp:fas2720_firmware:-:::::::* cpe:2.3:o:netapp:aff_8700_firmware:-:::::::* cpe:2.3:o:netapp:fas_baseboard_management_controller_a320_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:::::::* cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::* cpe:2.3:o:netapp:fas_baseboard_management_controller_a220_firmware:-:::::::* cpe:2.3:h:netapp:aff_a700s:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h610s_firmware:-:::::::* cpe:2.3:h:netapp:fas_baseboard_management_controller_a400:-:::::::* cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm::: cpe:2.3:o:netapp:aff_a700s_firmware:-:::::::* cpe:2.3:a:netapp:cloud_backup:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:::::::* cpe:2.3:h:netapp:fas_baseboard_management_controller_a320:-:::::::* cpe:2.3:o:netapp:aff_a220_firmware:-:::::::* cpe:2.3:o:netapp:aff_c190_firmware:-:::::::* cpe:2.3:o:netapp:aff_a400_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h615c:-:::::::* cpe:2.3:h:netapp:aff_a220:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h610c_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:::::::* cpe:2.3:h:netapp:fas8700:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h610c:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h615c_firmware:-:::::::* cpe:2.3:o:netapp:fas8300_firmware:-:::::::* cpe:2.3:h:netapp:aff_a400:-:::::::* cpe:2.3:h:netapp:fas_baseboard_management_controller_a220:-:::::::* cpe:2.3:h:netapp:fas8300:-:::::::* cpe:2.3:h:netapp:fas_baseboard_management_controller_a800:-:::::::* cpe:2.3:o:netapp:aff_a320_firmware:-:::::::* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::* cpe:2.3:o:netapp:fas2750_firmware:-:::::::* cpe:2.3:h:netapp:fas_baseboard_management_controller_c190:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h610s:-:::::::* cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:::::::* cpe:2.3:h:netapp:aff_a320:-:::::::* cpe:2.3:o:netapp:fas8700_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:::::::* cpe:2.3:o:netapp:fas_baseboard_management_controller_a800_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:::::::* cpe:2.3:o:netapp:aff_8300_firmware:-:::::::* cpe:2.3:h:netapp:aff_c190:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:::::::* cpe:2.3:h:netapp:fas2750:-:::::::* cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm::: cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:::::::* cpe:2.3:h:netapp:aff_8700:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:::::::* cpe:2.3:o:netapp:fas_baseboard_management_controller_a400_firmware:-:::::::*
References	~~(UBUNTU) https://usn.ubuntu.com/usn/usn-4302-1 - Vendor Advisory~~	(UBUNTU) https://usn.ubuntu.com/usn/usn-4302-1 - Third Party Advisory
References	~~(MISC) https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840 - Issue Tracking, Vendor Advisory~~	(MISC) https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840 - Issue Tracking, Third Party Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20200430-0004/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20200430-0004/ - Third Party Advisory

Information

Published : 2020-04-10 00:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-8832

Mitre link : CVE-2020-8832

CVE.ORG link : CVE-2020-8832

JSON object : View

Products Affected

netapp

aff_a400
aff_c190
h610s
fas_baseboard_management_controller_a220
h610s_firmware
h500s
solidfire_baseboard_management_controller
fas2720
h615c
fas8300_firmware
steelstore_cloud_integrated_storage
aff_8700_firmware
h300s
h410c_firmware
h300s_firmware
fas_baseboard_management_controller_a320_firmware
aff_8300
fas_baseboard_management_controller_a320
h610c
h700e_firmware
h700e
h700s_firmware
h300e
aff_a220
h410s_firmware
fas8300
aff_8700
aff_a220_firmware
aff_c190_firmware
fas2750_firmware
fas2720_firmware
fas_baseboard_management_controller_c190_firmware
aff_a700s
fas_baseboard_management_controller_c190
h615c_firmware
fas2750
fas_baseboard_management_controller_a400
h500e_firmware
h500e
fas8700
fas_baseboard_management_controller_a800
fas_baseboard_management_controller_a800_firmware
h700s
cloud_backup
aff_a400_firmware
h410s
aff_a700s_firmware
solidfire_\&_hci_management_node
fas_baseboard_management_controller_a220_firmware
h410c
aff_a320_firmware
h300e_firmware
solidfire_baseboard_management_controller_firmware
h610c_firmware
h500s_firmware
fas_baseboard_management_controller_a400_firmware
aff_8300_firmware
fas8700_firmware
aff_a320

canonical

ubuntu_linux

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2020-8832

5.5^/10

2.1^/10

Attach tags to `CVE-2020-8832`