PT-2020-1255 · Linux+7 · Linux Kernel+7

Alexander Potapenko

+1

·

Published

2014-10-23

·

Updated

2023-06-06

·

CVE-2020-10732

CVSS v3.1

4.4

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a flaw in the Linux kernel's implementation of Userspace core dumps, specifically in the fill thread core info() function, which can lead to information disclosure. An attacker with a local account can exploit this flaw to crash a program and exfiltrate private kernel data. The vulnerability allows for the potential leak of kernel heap memory due to uninitialized data, which could lead to local information disclosure with no additional execution privileges needed. User interaction is not required for exploitation.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use of Uninitialized Resource

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-908CWE-200

Related Identifiers

ALSA-2020:4431
ALT-PU-2014-2297
ALT-PU-2015-1794
ALT-PU-2016-1262
ALT-PU-2017-1299
ALT-PU-2018-1557
ALT-PU-2019-1139
ALT-PU-2019-1363
ALT-PU-2020-1145
ALT-PU-2020-1251
ALT-PU-2020-2086
ALT-PU-2020-2088
ALT-PU-2020-2091
ALT-PU-2020-2149
ALT-PU-2020-2155
ALT-PU-2020-2158
ALT-PU-2020-2164
ALT-PU-2020-2181
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2020-3454
ALT-PU-2021-1840
ASB-A-170658976
BDU:2021-03057
CESA-2020_4060
CESA-2020_4431
CESA-2020_4609
CVE-2020-10732
DLA-2242-1
DSA-4698-1
DSA-4699-1
MGASA-2020-0333
OPENSUSE-SU-2020:0801-1
OPENSUSE-SU-2020:0935-1
OPENSUSE-SU-2020_0801-1
OPENSUSE-SU-2020_0935-1
OPENSUSE-SU-2021:0242-1
OPENSUSE-SU-2021_0242-1
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020:4431
RHSA-2020:4609
RHSA-2020_4060
RHSA-2020_4062
RHSA-2020_4431
RHSA-2020_4609
SUSE-SU-2020:14442-1
SUSE-SU-2020:1587-1
SUSE-SU-2020:1599-1
SUSE-SU-2020:1602-1
SUSE-SU-2020:1603-1
SUSE-SU-2020:1604-1
SUSE-SU-2020:1605-1
SUSE-SU-2020:1663-1
SUSE-SU-2020:2027-1
SUSE-SU-2020:2105-1
SUSE-SU-2020:2134-1
SUSE-SU-2020:2152-1
SUSE-SU-2020:2156-1
SUSE-SU-2020:2478-1
SUSE-SU-2020:2487-1
SUSE-SU-2020_1587-1
SUSE-SU-2020_1599-1
SUSE-SU-2020_1602-1
SUSE-SU-2020_1603-1
SUSE-SU-2020_1604-1
SUSE-SU-2020_1605-1
SUSE-SU-2020_1663-1
USN-4411-1
USN-4427-1
USN-4439-1
USN-4440-1
USN-4485-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu