CVE Vulnerability

CVE-2020-12888

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.

4.7 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.4 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

Scope

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit@gimli.home/ Patch Vendor Advisory
https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home/ Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2020/05/19/6 Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/ Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20200608-0001/ Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html Mailing List Third Party Advisory
https://usn.ubuntu.com/4526-1/ Third Party Advisory
https://usn.ubuntu.com/4525-1/ Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Information

Published : 2020-05-15 06:15

Updated : 2022-11-14 07:44

NVD link : CVE-2020-12888

Mitre link : CVE-2020-12888

Products Affected

A700s Firmware

Netapp

CWE
CWE-755