CVE-2020-10768
Published: 2020-09-16
Priority: P424 · medium · CVSS 3.1: 5.5
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.40% (31.5th percentile)
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.
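As an added self-check (not part of the advisory or of the kernel project's code), the C program below performs on the calling process the sequence the flaw concerns: it force-disables indirect branch speculation with prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE) and then requests PR_SPEC_ENABLE. A fixed kernel (commit 4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf, 5.8-rc1 and backports) rejects the re-enable with EPERM while still reporting PR_SPEC_FORCE_DISABLE; an unfixed kernel accepts it yet keeps reporting "force disabled". It assumes a Linux host whose spectre_v2_user mitigation is in per-task (prctl or seccomp) mode; anywhere else it reports the control as unavailable rather than guessing.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif
/* Fallbacks matching <linux/prctl.h>, for toolchains with older headers. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_PRCTL         (1UL << 0)
#define PR_SPEC_ENABLE        (1UL << 1)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif

enum ib_check { IB_UNSUPPORTED = 0, IB_FIXED = 1, IB_VULNERABLE = 2, IB_ERROR = 3 };

/* Pure classification of a PR_SPEC_ENABLE attempt made after PR_SPEC_FORCE_DISABLE:
 * enable_rc/enable_errno are prctl()'s result, state_after the PR_GET value read next. */
enum ib_check classify_ib_result(int enable_rc, int enable_errno, long state_after)
{
    if (enable_rc == 0) return IB_VULNERABLE;   /* unfixed ib_prctl_set() accepted the re-enable */
    if (enable_errno == EPERM && (state_after & PR_SPEC_FORCE_DISABLE))
        return IB_FIXED;                        /* fixed kernel: -EPERM and still force disabled */
    return IB_ERROR;                            /* something else blocked the call (e.g. ENXIO) */
}

/* Live check on the calling process. Irreversible: the process stays force
 * disabled afterwards (a speed cost only). *why receives a short explanation. */
enum ib_check check_ib_force_disable(const char **why)
{
#ifndef __linux__
    *why = "not a Linux host";
    return IB_UNSUPPORTED;
#else
    long st = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    if (st < 0) {               /* EINVAL: no such interface; ENODEV: no IB mitigation */
        *why = strerror(errno);
        return (errno == EINVAL || errno == ENODEV) ? IB_UNSUPPORTED : IB_ERROR;
    }
    if (!(st & PR_SPEC_PRCTL)) {
        *why = "IB speculation not per-task controllable (mitigation off or strict)";
        return IB_UNSUPPORTED;
    }
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0) != 0) {
        *why = strerror(errno);
        return IB_ERROR;
    }
    int rc = prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0);
    int err = errno;            /* saved before the next prctl() can touch it */
    long after = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    *why = rc == 0 ? "PR_SPEC_ENABLE accepted after PR_SPEC_FORCE_DISABLE" : strerror(err);
    return classify_ib_result(rc, err, after);
#endif
}

int main(void)
{
    static const char *names[] = { "unsupported", "fixed", "vulnerable", "error" };
    const char *why = "";
    enum ib_check r = check_ib_force_disable(&why);
    printf("CVE-2020-10768 self-check: %s (%s)\n", names[r], why);
    return 0;
}
```

Because PR_SPEC_FORCE_DISABLE is sticky for the process, run the check in a throwaway process rather than inside a long-lived service.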
Affected (12 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 5.7.6-1 (bookworm) | linux 5.7.6-1 (bookworm) |
| android | — | — | — |
| linux | linux_kernel | < 5.8.0 | 5.8.0 |
| linux | linux_kernel | >= 0 < 5.7.6-1 | 5.7.6-1 |
| linux | linux_kernel | >= 0 < 5.7.6-1 | 5.7.6-1 |
| linux | linux_kernel | >= 0 < 5.7.6-1 | 5.7.6-1 |
| linux | linux_kernel | >= 0 < 5.7.6-1 | 5.7.6-1 |
| linux | linux_kernel | >= 0 < 4.4.0-186.216 | 4.4.0-186.216 |
| linux | linux_kernel | >= 0 < 4.15.0-115.116 | 4.15.0-115.116 |
| linux | linux_kernel | >= 0 < 5.4.0-45.49 | 5.4.0-45.49 |
| linux_kernel | kernel | — | — |
| msrc | cm1_kernel_5.4.91-3_on_cbl_mariner_1.0 | — | — |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 7.8 | HIGH | — |
| vendor_ubuntu | — | 7.8 | HIGH | — |
| vendor_debian | — | 5.5 | MEDIUM | — |
| vendor_msrc | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |
CISA ICS
Siemens SIMATIC
cisa_ics·2024-03-14
ICS Advisory
Release Date: March 14, 2024
Alert Code: ICSA-24-074-07
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC
- Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Input Validation, Missing Encryption of Sensitive Data, Incorrect Permission Assignment for Critical Resource, Expected Beha
Android
CVE-2020-10768: i86 Spectre v2 protections
vendor_android·2021-10-01·CVSS 5.5
CVE-2020-10768 [MEDIUM] CVE-2020-10768: i86 Spectre v2 protections
Android Security Bulletin 2021-10-01
CVE: CVE-2020-10768
Severity: HIGH
Type: ID
Component: i86 Spectre v2 protections
References: A-169505929
Upstream kernel
Microsoft
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as b
vendor_msrc·2020-09-08·CVSS 5.5
CVE-2020-10768 [MEDIUM] CWE-440 A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as b
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we bega
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2020-09-03·CVSS 5.5
CVE-2019-20810 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chuhong Yuan discovered that go7007 USB audio device driver in the Linux
kernel did not properly deallocate memory in some failure conditions. A
physically proximate attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2019-20810)
Fan Yang discovered that the mremap implementation in the Linux kernel did
not properly handle DAX Huge Pages. A local attacker with access to DAX
storage could use this to gain administrative privileges. (CVE-2020-10757)
It was discovered that the Linux kernel did not correctly apply Speculative
Store Bypass Disable (SSBD) mitigations in certain situations. A local
attacker could possibly use this to expose sensitive information.
(CV
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2020-09-03·CVSS 7.8
CVE-2018-20669 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Timothy Michaud discovered that the i915 graphics driver in the Linux
kernel did not properly validate user memory locations for the
i915_gem_execbuffer2_ioctl. A local attacker could possibly use this to
cause a denial of service or execute arbitrary code. (CVE-2018-20669)
It was discovered that the Kvaser CAN/USB driver in the Linux kernel did
not properly initialize memory in certain situations. A local attacker
could possibly use this to expose sensitive information (kernel memory).
(CVE-2019-19947)
Chuhong Yuan discovered that go7007 USB audio device driver in the Linux
kernel did not properly deallocate memory in some failure conditions. A
physically proximate attacker could use t
Ubuntu
linux kernel vulnerabilities
vendor_ubuntu·2020-07-31·CVSS 4.1
CVE-2019-16089 [MEDIUM] linux kernel vulnerabilities
Title: linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the network block device (nbd) implementation in the
Linux kernel did not properly check for error conditions in some
situations. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2019-16089)
It was discovered that the kernel->user space relay implementation in the
Linux kernel did not properly check return values in some situations. A
local attacker could possibly use this to cause a denial of service (system
crash). (CVE-2019-19462)
Chuhong Yuan discovered that go7007 USB audio device driver in the Linux
kernel did not properly deallocate memory in some failure conditions. A
physically proximate attacker could use this to caus
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2020-07-27·CVSS 4.1
CVE-2019-12380 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the network block device (nbd) implementation in the
Linux kernel did not properly check for error conditions in some
situations. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2019-16089)
It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system metadata in some situations.
An attacker could use this to construct a malicious btrfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-19036)
It was discovered that the kernel->user space relay implementation in the
Linux kernel did not properly check return values in some situations. A
lo
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2020-07-27·CVSS 4.6
CVE-2020-10768 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Kvaser CAN/USB driver in the Linux kernel did
not properly initialize memory in certain situations. A local attacker
could possibly use this to expose sensitive information (kernel memory).
(CVE-2019-19947)
Chuhong Yuan discovered that go7007 USB audio device driver in the Linux
kernel did not properly deallocate memory in some failure conditions. A
physically proximate attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2019-20810)
Jason A. Donenfeld discovered that the ACPI implementation in the Linux
kernel did not properly restrict loading SSDT code from an EFI variable. A
privileged attacker could use this to bypass Secure Boot
Red Hat
kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.
vendor_redhat·2020-06-09·CVSS 5.5
CVE-2020-10768 [MEDIUM] CWE-440 kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.
kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.
A flaw was found in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.
Statement: Th
Debian
CVE-2020-10768: linux - A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, whe...
vendor_debian·2020·CVSS 5.5
CVE-2020-10768 [MEDIUM] CVE-2020-10768: linux - A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, whe...
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.
Scope: local
bookworm: resolved (fixed in 5.7.6-1)
bullseye: resolved (fixed in 5.7.6-1)
forky: resolved (fixed in 5.7.6-1)
sid: resolved (fixed in 5.7.6-1)
trixie: resolved (fixed in 5.7.6-1)
GHSA
GHSA-5hg9-992p-865c: A flaw was found in the Linux Kernel before 5
ghsa_unreviewed·2022-05-24
CVE-2020-10768 [MEDIUM] GHSA-5hg9-992p-865c: A flaw was found in the Linux Kernel before 5
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.
OSV
CVE-2020-10768: In ib_prctl_set of bugs
osv·2021-10-01
CVE-2020-10768 CVE-2020-10768: In ib_prctl_set of bugs
In ib_prctl_set of bugs.c, there is a possible way to re-enable indirect branch speculation due to a permissions bypass. This could lead to local information disclosure via a Spectre v2 attack with no additional execution privileges needed. User interaction is not needed for exploitation.
OSV
CVE-2020-10768: A flaw was found in the Linux Kernel before 5
osv·2020-09-16·CVSS 5.5
CVE-2020-10768 [MEDIUM] CVE-2020-10768: A flaw was found in the Linux Kernel before 5
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
osv·2020-09-03·CVSS 7.8
CVE-2018-20669 [HIGH] linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
Timothy Michaud discovered that the i915 graphics driver in the Linux
kernel did not properly validate user memory locations for the
i915_gem_execbuffer2_ioctl. A local attacker could possibly use this to
cause a denial of service or execute arbitrary code. (CVE-2018-20669)
It was discovered that the Kvaser CAN/USB driver in the Linux kernel did
not properly initialize memory in certain situations. A local attacker
could possibly use this to expose sensitive information (kernel memory).
(CVE-2019-19947)
Chuhong Yuan discovered that go7007 USB audio device driver in the Linux
kernel did not
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
osv·2020-09-03·CVSS 5.5
CVE-2019-20810 [MEDIUM] linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
Chuhong Yuan discovered that go7007 USB audio device driver in the Linux
kernel did not properly deallocate memory in some failure conditions. A
physically proximate attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2019-20810)
Fan Yang discovered that the mremap implementation in the Linux kernel did
not properly handle DAX Huge Pages. A local attacker with access to DAX
storage could use this to gain administrative privileges. (CVE-2020-10757)
It was discovered that the Linux kernel did not correctly apply Speculative
Store Bypass Disable (SSBD) mitigations in certain
OSV
linux-hwe, linux-aws-5.3, linux-azure-5.3, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-oracle-5.3, linux-raspi2-5.3 vulnerabilities
osv·2020-07-31·CVSS 4.1
CVE-2019-16089 [MEDIUM] linux-hwe, linux-aws-5.3, linux-azure-5.3, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-oracle-5.3, linux-raspi2-5.3 vulnerabilities
linux-hwe, linux-aws-5.3, linux-azure-5.3, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-oracle-5.3, linux-raspi2-5.3 vulnerabilities
It was discovered that the network block device (nbd) implementation in the
Linux kernel did not properly check for error conditions in some
situations. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2019-16089)
It was discovered that the kernel->user space relay implementation in the
Linux kernel did not properly check return values in some situations. A
local attacker could possibly use this to cause a denial of service (system
crash). (CVE-2019-19462)
Chuhong Yuan discovered that go7007 USB audio device driver in the Linux
kernel did not properly deallocate memory in some failure conditions. A
physically proximat
OSV
linux-gke-5.0, linux-oem-osp1 vulnerabilities
osv·2020-07-27·CVSS 4.1
CVE-2019-16089 [MEDIUM] linux-gke-5.0, linux-oem-osp1 vulnerabilities
linux-gke-5.0, linux-oem-osp1 vulnerabilities
It was discovered that the network block device (nbd) implementation in the
Linux kernel did not properly check for error conditions in some
situations. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2019-16089)
It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system metadata in some situations.
An attacker could use this to construct a malicious btrfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-19036)
It was discovered that the kernel->user space relay implementation in the
Linux kernel did not properly check return values in some situations. A
local attacker could possibly use this to cause a denial o
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities
osv·2020-07-27·CVSS 4.6
CVE-2019-19947 [MEDIUM] linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the Kvaser CAN/USB driver in the Linux kernel did
not properly initialize memory in certain situations. A local attacker
could possibly use this to expose sensitive information (kernel memory).
(CVE-2019-19947)
Chuhong Yuan discovered that go7007 USB audio device driver in the Linux
kernel did not properly deallocate memory in some failure conditions. A
physically proximate attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2019-20810)
Jason A. Donenfeld discovered that the ACPI implementation in the Linux
kernel did not properly restrict loading SSDT code from an EFI variable. A
privileged attacker could use this to bypass Secure Boot lockdown
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-10768 kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. [fedora-all]
bugzilla·2020-06-16·CVSS 5.5
CVE-2020-10768 [MEDIUM] CVE-2020-10768 kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. [fedora-all]
CVE-2020-10768 kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fed
Bugzilla
CVE-2020-10768 kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.
bugzilla·2020-06-10·CVSS 5.5
CVE-2020-10768 [MEDIUM] CVE-2020-10768 kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.
CVE-2020-10768 kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.
The prctl() function can be used to enable indirect branch speculation even after it has been disabled. This same call will incorrectly report it being 'force disabled' when it is not.
Discussion:
That makes the CPU vulnerable to Spectre v2.
---
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1847392]
---
Mitigation:
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
---
FEDORA-2020-125ccdc871 has been pushed to the Fedora 32 stable repository
arXiv
Timeloops: Automatic System Call Policy Learning for Containerized Microservices
arxiv_fulltext·2022-09-26
Timeloops: Automatic System Call Policy Learning for Containerized Microservices
Meghna Pancholi (Columbia University), Andreas D. Kellas (Columbia University), Vasileios P. Kemerlis (Brown University), Simha Sethumadhavan (Columbia University)
## Abstract
We introduce Timeloops, a novel technique for automatically learning system
call filtering policies for containerized microservices applications. At
run-time, Timeloops automatically learns which system calls a program should
be allowed to invoke, while rejecting attempts to call spurious system calls.
Further, Timeloops addresses many of the shortcomings of state-of-the-art
static analysis-based techniques, such as the ability to generate tight filters
for programs written in interpreted languages such as PHP, Python, and
JavaScript. Timeloops has a simple and rob
CTF
Secret / README
ctf_writeups·CVSS 5.5
[MEDIUM] Secret / README
# Secret - HackTheBox - Writeup
Linux, 20 Base Points, Easy
## Machine
## TL;DR
To solve this machine, we begin by enumerating open services using ```nmap``` – finding ports ```22```, ```80``` and ```3000```.
***User***: By downloading the portal source code we found a path ```/priv``` API with permission only for user ```theadmin```, we also find a way to create a new user name using ```/api/user/register``` API on port ```3000```, After successfully login to the portal we found a header ```auth-token``` with JWT token, By observing the source code we found a file ```auth.js``` which contains the JWT key, On the mail folder we found also ```.git``` folder, by revert to specific commit we found the removed JWT key on ```.env``` file, Using the JWT key we create a ```auth-token``` of
References:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10768
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf
Published: 2020-09-16