CVE-2020-10732

LOW

Linux Kernel - Info Disclosure

Title source: llm
STIX 2.1

Description

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.

References (14)

Core 14
Core References
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/4411-1/
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/4427-1/
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/4439-1/
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/4440-1/
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/4485-1/
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732
Issue Tracking, Third Party Advisory
https://github.com/google/kmsan/issues/76

Scores

CVSS v3 3.3
EPSS 0.0004
EPSS Percentile 11.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-908
Status published
Products (23)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 20.04
linux/linux_kernel < 3.16.85
netapp/active_iq_unified_manager 9.5
netapp/aff_8300_firmware
netapp/aff_8700_firmware
netapp/aff_a400_firmware
netapp/aff_a700_firmware
... and 13 more
Published Jun 12, 2020
Tracked Since Feb 18, 2026