VDB

CVE-2020-10774

CVE-2020-10774 PUBLISHED

A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.

EPSS 0.04% · 11.7th percentile

Risk Scores

EPSS Score
0.04%
11.7th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSlinux-gcp5.0.0-1020.20~18.04.1, 5.0.0-1021.21~18.04.1, 5.0.0-1025.26~18.04.1
Ubuntu:Pro:14.04:LTSlinux-azure*, *, *
Ubuntu:16.04:LTSlinux-hwe-edge*, 4.8.0-28.30~16.04.1, 4.8.0-30.32~16.04.1
Ubuntu:Pro:14.04:LTSlinux3.13.0-198.249, 3.13.0-18.38, 3.12.0-7.15
Ubuntu:18.04:LTSlinux-gcp-edge4.18.0-1015.16~18.04.1, 5.0.0-1011.11~18.04.1, 5.0.0-1013.13~18.04.1
Ubuntu:18.04:LTSlinux-azure-edge*, 4.18.0-1008.8~18.04.1, 4.18.0-1007.7~18.04.1
Ubuntu:18.04:LTSlinux-hwe-edge5.3.0-24.26~18.04.2, 5.3.0-23.25~18.04.2, 5.3.0-23.25~18.04.1
Ubuntu:Pro:14.04:LTSlinux-lts-xenial4.4.0-72.93~14.04.1, 4.4.0-71.92~14.04.1, 4.4.0-70.91~14.04.1
Ubuntu:18.04:LTSlinux-aws-5.00, 5.0.0-1025.28, 5.0.0-1027.30
Ubuntu:20.04:LTSlinux-raspi25.4.0-1006.6, 5.4.0-1004.4, 5.3.0-1017.19
Ubuntu:Pro:14.04:LTSlinux-aws4.4.0-1028.31, 4.4.0-1029.32, 4.4.0-1006.6
Ubuntu:18.04:LTSlinux-azure4.18.0-1020.20~18.04.1, 4.15.0-1019.19, 4.15.0-1023.24
Ubuntu:18.04:LTSlinux-oracle-5.00, 5.0.0-1007.12~18.04.1, 5.0.0-1008.13~18.04.1

Timeline

  • Nov 4, 2020 CVE Published
  • May 28, 2021 EPSS Score
  • Jul 30, 2021 EPSS Score
  • Sep 29, 2021 EPSS Score
  • Nov 29, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jun 1, 2022 EPSS Score
  • Aug 2, 2022 EPSS Score
  • Oct 2, 2022 EPSS Score
  • Dec 2, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›