Vulnerability Description
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 18.04 |
| Netapp | Cloud Backup | - |
| Netapp | Solidfire \& Hci Management Node | - |
| Netapp | Steelstore Cloud Integrated Storage | - |
| Netapp | Aff 8300 Firmware | - |
| Netapp | Aff 8300 | - |
| Netapp | Aff 8700 Firmware | - |
| Netapp | Aff 8700 | - |
| Netapp | Aff A220 Firmware | - |
| Netapp | Aff A220 | - |
| Netapp | Aff A320 Firmware | - |
| Netapp | Aff A320 | - |
| Netapp | Aff A400 Firmware | - |
| Netapp | Aff A400 | - |
| Netapp | Aff A700S Firmware | - |
| Netapp | Aff A700S | - |
| Netapp | Aff C190 Firmware | - |
| Netapp | Aff C190 | - |
| Netapp | H300E Firmware | - |
| Netapp | H300E | - |
Related Weaknesses (CWE)
References
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840Issue TrackingThird Party Advisory
- https://security.netapp.com/advisory/ntap-20200430-0004/Third Party Advisory
- https://usn.ubuntu.com/usn/usn-4302-1Third Party Advisory
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840Issue TrackingThird Party Advisory
- https://security.netapp.com/advisory/ntap-20200430-0004/Third Party Advisory
- https://usn.ubuntu.com/usn/usn-4302-1Third Party Advisory
FAQ
What is CVE-2020-8832?
CVE-2020-8832 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovere...
How severe is CVE-2020-8832?
CVE-2020-8832 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-8832?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Netapp Cloud Backup, Netapp Solidfire \& Hci Management Node, Netapp Steelstore Cloud Integrated Storage, Netapp Aff 8300 Firmware.