CVE-2020-10768

Name of the Vulnerable Software and Affected Versions Linux Kernel versions prior to 5.8-rc1

Description A flaw in the prctl() function allows indirect branch speculation to be enabled after it has been disabled, incorrectly reporting it as 'force disabled' when it is not. This opens the system to Spectre v2 attacks, which could lead to local information disclosure with no additional execution privileges needed. The issue is related to insufficient input validation and incorrect implementation of functions. User interaction is not needed for exploitation, and the highest threat from this vulnerability is to confidentiality.

Recommendations For Linux Kernel versions prior to 5.8-rc1, consider disabling the prctl() function or restricting its use to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the prctl() function to enable indirect branch speculation. Restrict access to sensitive information to prevent potential disclosure via a Spectre v2 attack.