CVE-2020-14304
MEDIUMLinux Kernel - Memory Disclosure via Ethernet Driver EEPROM Read
Title source: llmDescription
A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14304
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702
Scores
CVSS v3
4.4
EPSS
0.0036
EPSS Percentile
27.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-755
CWE-460
Status
published
Products (3)
linux/linux_kernel
4.9.210-1
linux/linux_kernel
4.19.118-2
linux/linux_kernel
5.6.7-1
Published
Sep 15, 2020
Tracked Since
Feb 18, 2026