CVE-2020-10768

CWE-44016 documents10 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 90.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux Linux KernelLinux Kernel Kernel
Timeline
PublishedSep 16
Latest updateMay 24

Description

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

Android:linux_kernel::0:2021-10-05
NVDlinux/linux_kernel< 5.8.0
CVEListV5linux_kernel/kernelbefore 5.8-rc1
Debianlinux< 5.7.6-1+3

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

4
GHSA
GHSA-5hg9-992p-865c: A flaw was found in the Linux Kernel before 52022-05-24
OSV
CVE-2020-10768: In ib_prctl_set of bugs2021-10-01
OSV
CVE-2020-10768: A flaw was found in the Linux Kernel before 52020-09-16
CVEList
CVE-2020-10768: A flaw was found in the Linux Kernel before 52020-09-15

📋Vendor Advisories

9
Android
CVE-2020-10768: i86 Spectre v2 protections2021-10-01
Microsoft
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as b2020-09-08
Ubuntu
Linux kernel vulnerabilities2020-09-03
Ubuntu
Linux kernel vulnerabilities2020-09-03
Ubuntu
linux kernel vulnerabilities2020-07-31

💬Community

2
Bugzilla
CVE-2020-10768 kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. [fedora-all]2020-06-16
Bugzilla
CVE-2020-10768 kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.2020-06-10