Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

High

Attack Vector

Local

CVE-2020-12770

Disclosure Date: May 09, 2020 •

CVE-2020-12770 CVSS v3 Base Score: 6.7

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.7 Medium

Impact Score:

5.9

Exploitability Score:

0.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

High

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

canonical,
debian,
fedoraproject,
linux,
netapp

Products

a700s firmware -,
active iq unified manager -,
bootstrap os -,
cloud backup -,
debian linux 10.0,
debian linux 8.0,
debian linux 9.0,
element software -,
fedora 30,
fedora 31,
fedora 32,
h300e firmware -,
h300s firmware -,
h410c firmware -,
h410s firmware -,
h500e firmware -,
h500s firmware -,
h610c firmware -,
h610s firmware -,
h615c firmware -,
h700e firmware -,
h700s firmware -,
hci management node -,
linux kernel,
solidfire -,
steelstore cloud integrated storage -,
ubuntu linux 14.04,
ubuntu linux 16.04,
ubuntu linux 18.04,
ubuntu linux 19.10,
ubuntu linux 20.04

References

Canonical

CVE-2020-12770 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12770)

Advisory

https://lkml.org/lkml/2020/4/13/870

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=83c6f2390040f188cc25b270b4befeb5628c1aee

FEDORA-2020-4c69987c40 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI)

FEDORA-2020-c6b9fff7f8 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF)

FEDORA-2020-5a69decc0c (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU)

https://security.netapp.com/advisory/ntap-20200608-0001

[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update (https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html)

[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update (https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html)

[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update (https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html)

DSA-4698 (https://www.debian.org/security/2020/dsa-4698)

DSA-4699 (https://www.debian.org/security/2020/dsa-4699)

USN-4413-1 (https://usn.ubuntu.com/4413-1)

USN-4411-1 (https://usn.ubuntu.com/4411-1)

USN-4412-1 (https://usn.ubuntu.com/4412-1)

USN-4419-1 (https://usn.ubuntu.com/4419-1)

USN-4414-1 (https://usn.ubuntu.com/4414-1)

Rapid7

Unknown

CVE-2020-12770

Unknown

Unknown

None

High

Local

CVE-2020-12770

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2020-12770

Unknown

Unknown

None

High

Local

CVE-2020-12770

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification