CVE-2020-36311 — Kernel vulnerability

12 documents7 sources

Severity

5.5MEDIUMNVD

OSV7.8

EPSS

0.1%

top 76.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Debian Linux

Timeline

PublishedApr 7

Latest updateMay 24

Description

An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel< 5.9.0

▶Debianlinux/linux_kernel< 5.9.1-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-84.94

▶debiandebian/linux< linux 5.9.1-1 (bookworm)

Also affects: Debian Linux 10.0, 9.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-5v5w-97p2-836p: An issue was discovered in the Linux kernel before 5↗2022-05-24

▶

OSV

linux-azure-5.8 vulnerabilities↗2021-10-21

▶

OSV

linux-hwe-5.4 vulnerabilities↗2021-09-16

▶

OSV

linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabiliti↗2021-09-08

▶

OSV

CVE-2020-36311: An issue was discovered in the Linux kernel before 5↗2021-04-07

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2021-10-21

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2021-09-16

▶

Ubuntu

Linux kernel vulnerabilities↗2021-09-08

▶

Red Hat

kernel: DoS by triggering destruction of a large SEV VM↗2020-09-11

▶

Debian

CVE-2020-36311: linux - An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c a...↗2020

▶

💬Community

Bugzilla

CVE-2020-36311 kernel: DoS by triggering destruction of a large SEV VM↗2021-04-09

▶