CVE-2020-14304

Severity
4.4 MEDIUM
EPSS
0.1%
top 81.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Sep 15
Latest update May 24

Description

A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.8 | Impact: 3.6

Affected Packages: 2 packages

NVD: linux/linux_kernel 4.19.118-2, 4.9.210-1, 5.6.7-1+2
CVEListV5: linux_kernel/kernel 4.19.118-2, 4.9.210-1, 5.6.7-1+2

🔴 Vulnerability Details

3
GHSA
GHSA-cph4-fpfm-5h8w: A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device (2022-05-24)
OSV
CVE-2020-14304: A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device (2020-09-15)
CVEList
CVE-2020-14304: A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device (2020-09-15)

📋 Vendor Advisories

2
Red Hat
kernel: ethtool when reading eeprom of device could lead to memory leak (2020-05-15)
Debian
CVE-2020-14304: linux - A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in th... (2020)

💬 Community

2
Bugzilla
CVE-2020-14304 kernel: ethtool when reading eeprom of device could lead to memory leak [fedora-all] (2020-06-16)
Bugzilla
CVE-2020-14304 kernel: ethtool when reading eeprom of device could lead to memory leak (2020-06-16)