CVE-2020-8832

The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.

CVSS v3.0 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840	Issue Tracking Third Party Advisory
https://usn.ubuntu.com/usn/usn-4302-1	Third Party Advisory
https://security.netapp.com/advisory/ntap-20200430-0004/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*
	cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:aff_a220_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a220:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netapp:aff_a320_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a320:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:aff_c190_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_c190:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:netapp:baseboard_management_controller_h610c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:baseboard_management_controller_h610c:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:netapp:baseboard_management_controller_h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:baseboard_management_controller_h610s:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:netapp:baseboard_management_controller_h615c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:baseboard_management_controller_h615c:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:netapp:fas_baseboard_management_controller_a220_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller_a220:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:netapp:fas_baseboard_management_controller_a320_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller_a320:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:netapp:fas_baseboard_management_controller_a400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller_a400:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:netapp:fas_baseboard_management_controller_a800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller_a800:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:netapp:fas_baseboard_management_controller_c190_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller_c190:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Configuration 31 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

Information

Published : 2020-04-09 17:15

Updated : 2022-10-11 12:29

NVD link : CVE-2020-8832

Mitre link : CVE-2020-8832

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

netapp

cloud_backup
baseboard_management_controller_h500e
baseboard_management_controller_h610c
fas_baseboard_management_controller_a220_firmware
solidfire_\&_hci_management_node
aff_a320
baseboard_management_controller_h300e
baseboard_management_controller_h300s
fas8300_firmware
fas_baseboard_management_controller_c190
steelstore_cloud_integrated_storage
aff_a400_firmware
fas8700_firmware
baseboard_management_controller_h410c_firmware
aff_a700s
baseboard_management_controller_h410c
baseboard_management_controller_h610s_firmware
baseboard_management_controller_h700e_firmware
fas8700
aff_8700_firmware
aff_8300_firmware
aff_8700
baseboard_management_controller_h500e_firmware
fas2750_firmware
fas2720
baseboard_management_controller_h700s_firmware
fas2750
baseboard_management_controller_h615c_firmware
baseboard_management_controller_h700s
baseboard_management_controller_h410s
fas_baseboard_management_controller_a400
aff_a220
baseboard_management_controller_h410s_firmware
fas8300
fas_baseboard_management_controller_a800_firmware
fas_baseboard_management_controller_a220
aff_a700s_firmware
fas_baseboard_management_controller_a320_firmware
fas_baseboard_management_controller_a320
aff_a400
aff_a320_firmware
baseboard_management_controller_h500s
baseboard_management_controller_h700e
fas_baseboard_management_controller_a400_firmware
baseboard_management_controller_h300s_firmware
solidfire_baseboard_management_controller
solidfire_baseboard_management_controller_firmware
aff_a220_firmware
aff_c190_firmware
baseboard_management_controller_h610c_firmware
aff_c190
baseboard_management_controller_h615c
fas_baseboard_management_controller_a800
fas_baseboard_management_controller_c190_firmware
fas2720_firmware
baseboard_management_controller_h500s_firmware
baseboard_management_controller_h300e_firmware
baseboard_management_controller_h610s
aff_8300

canonical

ubuntu_linux

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2020-8832

5.5^/10

2.1^/10

Attach tags to `CVE-2020-8832`