7

CVE-2020-11884

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.15 < 4.19.119
LinuxLinux Kernel Version >= 4.20 < 5.4.36
LinuxLinux Kernel Version >= 5.5 < 5.6.8
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.10
CanonicalUbuntu Linux Version20.04 SwEditionlts
DebianDebian Linux Version10.0
FedoraprojectFedora Version30
FedoraprojectFedora Version31
FedoraprojectFedora Version32
NetappActive Iq Unified Manager Version- SwPlatformvmware_vsphere
NetappCloud Backup Version-
NetappElement Software Version-
NetappSolidfire Version-
NetappBootstrap Os Version-
   NetappHci Compute Node Version-
NetappA700s Firmware Version-
   NetappA700s Version-
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH300e Firmware Version-
   NetappH300e Version-
NetappH500e Firmware Version-
   NetappH500e Version-
NetappH700e Firmware Version-
   NetappH700e Version-
NetappH410s Firmware Version-
   NetappH410s Version-
NetappH410c Firmware Version-
   NetappH410c Version-
NetappH610c Firmware Version-
   NetappH610c Version-
NetappH610s Firmware Version-
   NetappH610s Version-
NetappH410c Firmware Version-
   NetappH410c Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.119
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://usn.ubuntu.com/4342-1/
Third Party Advisory
https://usn.ubuntu.com/4345-1/
Third Party Advisory
https://usn.ubuntu.com/4343-1/
Third Party Advisory