Severity: 4.4 MEDIUM
EPSS: 0.0% (top 88.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 12
Latest update: May 24

Description

A flaw was found in the Linux kernel's implementation of userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages (14 packages)

Android:linux_kernel::0:2021-01-05
NVD linux/linux_kernel 4.4 4.4.226 +6
CVEListV5 linux_kernel/kernel introduced in commit 4206d3aa1978e44f58bfa4e1c9d8d35cbf19c187
Debian linux < 5.6.14-2 +3
Ubuntu linux < 5.4.0-40.44

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 20.04

Patches

🔴Vulnerability Details

5
GHSA: GHSA-rfhv-v778-g5c3: A flaw was found in the Linux kernel's implementation of Userspace core dumps (2022-05-24)
OSV: CVE-2020-10732: In fill_thread_core_info of binfmt_elf (2021-01-01)
OSV: linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux-riscv vulnerabilities (2020-07-06)
OSV: CVE-2020-10732: A flaw was found in the Linux kernel's implementation of Userspace core dumps (2020-06-12)
CVEList: CVE-2020-10732: A flaw was found in the Linux kernel's implementation of Userspace core dumps (2020-06-12)

📋Vendor Advisories

8
Android: CVE-2020-10732: ELF core dumps (2021-01-01)
Ubuntu: Linux kernel vulnerabilities (2020-09-03)
Ubuntu: linux kernel vulnerabilities (2020-07-31)
Ubuntu: Linux kernel vulnerabilities (2020-07-27)
Ubuntu: Linux kernel vulnerabilities (2020-07-27)

💬Community

2
Bugzilla: CVE-2020-10732 kernel: uninitialized kernel data leak in userspace coredumps [fedora-all] (2020-05-06)
Bugzilla: CVE-2020-10732 kernel: uninitialized kernel data leak in userspace coredumps (2020-05-05)