CVE-2020-12888

MEDIUM

Linux kernel <5.6.13 - Memory Corruption

Title source: llm

Description

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.

References (13)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2020/05/19/6

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

[Mailing List] https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/

[Mailing List] https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20200608-0001/

[Third Party Advisory] https://usn.ubuntu.com/4525-1/

[Third Party Advisory] https://usn.ubuntu.com/4526-1/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/

Scores

CVSS v3 5.3

EPSS 0.0009

EPSS Percentile 26.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

Classification

CWE

CWE-755

Status published

Affected Products (30)

linux/linux_kernel < 5.6.13

fedoraproject/fedora

fedoraproject/fedora

opensuse/leap

opensuse/leap

debian/debian_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

netapp/active_iq_unified_manager

netapp/cloud_backup

netapp/element_software

netapp/hci_management_node

netapp/solidfire

... and 15 more

Timeline

Published May 15, 2020

Tracked Since Feb 18, 2026