PT-2021-9175 · Linux+4 · Linux Kernel+4

Alex

Published

2018-08-21

Updated

2021-06-08

CVE-2020-10774

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.18.0-193.el8

Description A memory disclosure flaw was found in the Linux kernel's sysctl subsystem when reading the /proc/sys/kernel/rh features file. This flaw allows a local user to read uninitialized values from the kernel memory, posing a threat to confidentiality.

Recommendations For Linux kernel versions prior to 4.18.0-193.el8, update to version 4.18.0-193.el8 or later to resolve the issue. As a temporary workaround, consider restricting access to the /proc/sys/kernel/rh features file to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-805

Related Identifiers

ALSA-2020:4431

ALT-PU-2018-2192

ALT-PU-2018-2210

ALT-PU-2019-1433

CESA-2020_4431

CESA-2020_4609

CVE-2020-10774

RHSA-2020:4431

RHSA-2020:4609

RHSA-2020_4431

RHSA-2020_4609

Affected Products

Alt Linux

Almalinux

Centos

Linux Kernel

Red Hat

PT-2021-9175 · Linux+4 · Linux Kernel+4

CVE-2020-10774

Weakness Enumeration

Related Identifiers

Affected Products

References · 55