Vulnerability Description
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.15, < 4.19.119 |
| Canonical | Ubuntu Linux | 16.04 |
| Debian | Debian Linux | 10.0 |
| Fedoraproject | Fedora | 30 |
| Netapp | Active Iq Unified Manager | - |
| Netapp | Cloud Backup | - |
| Netapp | Element Software | - |
| Netapp | Hci Management Node | - |
| Netapp | Solidfire | - |
| Netapp | Steelstore Cloud Integrated Storage | - |
| Netapp | Solidfire Baseboard Management Controller | - |
| Netapp | Bootstrap Os | - |
| Netapp | Hci Compute Node | - |
| Netapp | A700S Firmware | - |
| Netapp | A700S | - |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H700S Firmware | - |
Related Weaknesses (CWE)
References
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f392Mailing ListPatchVendor Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3fPatchVendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.netapp.com/advisory/ntap-20200608-0001/Third Party Advisory
- https://usn.ubuntu.com/4342-1/Third Party Advisory
- https://usn.ubuntu.com/4343-1/Third Party Advisory
- https://usn.ubuntu.com/4345-1/Third Party Advisory
- https://www.debian.org/security/2020/dsa-4667Third Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f392Mailing ListPatchVendor Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3fPatchVendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2020-11884?
CVE-2020-11884 is a vulnerability with a CVSS score of 7.0 (HIGH). In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails ...
How severe is CVE-2020-11884?
CVE-2020-11884 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11884?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Debian Debian Linux, Fedoraproject Fedora, Netapp Active Iq Unified Manager.