Vulnerability Description
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 5.8.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10768Issue TrackingThird Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4dPatchVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10768Issue TrackingThird Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4dPatchVendor Advisory
FAQ
What is CVE-2020-10768?
CVE-2020-10768 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as ...
How severe is CVE-2020-10768?
CVE-2020-10768 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10768?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.