CVE-2020-12888

MEDIUM

Linux kernel <5.6.13 - Memory Corruption

Title source: llm
STIX 2.1

Description

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.

References (13)

Core 13
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/05/19/6
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200608-0001/
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4526-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4525-1/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

Scores

CVSS v3 5.3
EPSS 0.0011
EPSS Percentile 28.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

Details

CWE
CWE-755
Status published
Products (30)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 20.04
debian/debian_linux 9.0
fedoraproject/fedora 31
fedoraproject/fedora 32
linux/linux_kernel < 5.6.13
netapp/a700s_firmware
netapp/active_iq_unified_manager
... and 20 more
Published May 15, 2020
Tracked Since Feb 18, 2026