CVE-2020-10766

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.8-rc1

Description A logic bug flaw was found in the implementation of SSBD, allowing an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue is related to insufficient input validation and incorrect implementation of functions, which can lead to unauthorized access to protected information. The flaw can be exploited to disclose side channel information, potentially leading to local information disclosure without requiring additional execution privileges. User interaction is not needed for exploitation. The highest threat from this issue is to confidentiality.

Recommendations For Linux kernel versions prior to 5.8-rc1, consider disabling the speculative execution mitigations as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.