7.8

CVE-2020-15852

EPSS 0.16%
Published 20.07.2020 19:15:11
Last modified 21.11.2024 05:06:18
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.5 <= 5.7.9

Xen ≫ Xen HwPlatformx86 Version <= 4.13.1

Netapp ≫ Cloud Backup Version-

Netapp ≫ Steelstore Cloud Integrated Storage Version-

Netapp ≫ Solidfire Baseboard Management Controller Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.379

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

http://www.openwall.com/lists/oss-security/2020/07/21/2

Third Party Advisory

Mailing List

http://xenbits.xen.org/xsa/advisory-329.html

Patch

Third Party Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2

Patch

Vendor Advisory

Mailing List

https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2

Patch

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200810-0001/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-15852

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15852

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15852

EUVD