CVE-2020-14386

CWE-250CWE-787Out-of-bounds WriteCWE-78615 documents10 sources
Severity
7.8HIGH
EPSS
0.6%
top 30.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux Linux KernelLinux Kernel KernelDebian Debian Linux+2 more
Timeline
PublishedSep 16
Latest updateOct 14

Description

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages7 packages

NVDlinux/linux_kernel4.64.9.239+5
CVEListV5linux_kernel/kernelbefore 5.9-rc4
Debianlinux< 5.8.7-1+3
Ubuntulinux< 4.15.0-117.118
Ubuntulinux-aws< 4.15.0-1082.86

Also affects: Debian Linux 9.0, Fedora 33

Patches

Patch: bugzilla.redhat.comPatch: git.kernel.orgPatch: seclists.org

🔴Vulnerability Details

4
CVEList
CVE-2020-14386: A flaw was found in the Linux kernel before 52020-09-16
OSV
CVE-2020-14386: A flaw was found in the Linux kernel before 52020-09-16
OSV
Kernel Live Patch Security Notice2020-09-10
Kernel
net/packet: fix overflow in tpacket_rcv2020-09-03

📋Vendor Advisories

6
Ubuntu
Kernel Live Patch Security Notice2020-10-14
Ubuntu
Kernel Live Patch Security Notice2020-09-10
Ubuntu
Linux kernel vulnerability2020-09-08
Microsoft
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confi2020-09-08
Red Hat
kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege2020-09-03

🕵️Threat Intelligence

2
Unit42
CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel2020-10-10
Unit42
CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel2020-10-10

💬Community

2
Bugzilla
CVE-2020-14386 kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege [fedora-all]2020-09-07
Bugzilla
CVE-2020-14386 kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege2020-09-04