CVE-2020-8832
MEDIUMUbuntu Linux < 4.15.0-91.92 - Information Exposure via Incomplete CVE-2019-14615 Fix
Title source: llmDescription
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.
References (3)
Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/usn/usn-4302-1
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200430-0004/
Scores
CVSS v3
5.5
EPSS
0.0031
EPSS Percentile
54.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (34)
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
netapp/aff_8300_firmware
netapp/aff_8700_firmware
netapp/aff_a220_firmware
netapp/aff_a320_firmware
netapp/aff_a400_firmware
netapp/aff_a700s_firmware
netapp/aff_c190_firmware
... and 24 more
Published
Apr 10, 2020
Tracked Since
Feb 18, 2026