vulnerability
Ubuntu: (CVE-2020-15852): linux-oem-5.6 vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | Jul 20, 2020 | Nov 19, 2024 | Nov 19, 2024 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Jul 20, 2020
Added
Nov 19, 2024
Modified
Nov 19, 2024
Description
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.
Solution
ubuntu-upgrade-linux-oem-5-6
References
- CVE-2020-15852
- https://attackerkb.com/topics/CVE-2020-15852
- URL-http://www.openwall.com/lists/oss-security/2020/07/21/2
- URL-http://xenbits.xen.org/xsa/advisory-329.html
- URL-https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
- URL-https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
- URL-https://www.cve.org/CVERecord?id=CVE-2020-15852
- URL-https://www.openwall.com/lists/oss-security/2020/07/16/1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.