CVE-2020-28588
PUBLISHED
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents.
Risk Scores
EPSS Score
0.04%
13.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | linux-gke | 5.4.0-1033.35, 5.4.0-1035.37, 0 |
| Ubuntu:18.04:LTS | linux-raspi-5.4 | 5.4.0-1016.17~18.04.1, 5.4.0-1018.20~18.04.1, 5.4.0-1019.21~18.04.1 |
| Ubuntu:18.04:LTS | linux-aws-5.4 | 5.4.0-1032.33~18.04.1, *, 5.4.0-1035.37~18.04.1 |
| Ubuntu:18.04:LTS | linux-hwe-5.4 | 5.4.0-51.56~18.04.1, 5.4.0-48.52~18.04.1, 5.4.0-47.51~18.04.1 |
| Ubuntu:18.04:LTS | linux-gke-5.4 | 5.4.0-1033.35~18.04.1, 5.4.0-1035.37~18.04.1, 5.4.0-1032.34~18.04.1 |
| Ubuntu:18.04:LTS | linux-gcp-edge | *, 4.18.0-1011.12~18.04.1, 4.18.0-1013.14~18.04.1 |
| Ubuntu:Pro:FIPS:20.04:LTS | linux-aws-fips | 0, 5.4.0-1021.21+fips2 |
| Ubuntu:18.04:LTS | linux-aws-5.3 | 5.3.0-1035.37, *, 5.3.0-1016.17~18.04.1 |
| Ubuntu:20.04:LTS | linux-gcp | 5.4.0-1030.32, 5.3.0-1011.12, 0 |
| Ubuntu:18.04:LTS | linux-azure-5.4 | 5.4.0-1020.20~18.04.1, 0, 5.4.0-1034.35~18.04.1 |
| Ubuntu:18.04:LTS | linux-oracle-5.0 | 5.0.0-1013.18, 5.0.0-1014.19, 0 |
| Ubuntu:Pro:FIPS-updates:20.04:LTS | linux-gcp-fips | 5.4.0-1021.21+fips1, 0 |
| Ubuntu:20.04:LTS | linux-riscv | 5.4.0-34.38, 5.4.0-33.37, 5.4.0-31.35 |
| Ubuntu:Pro:FIPS-updates:20.04:LTS | linux-azure-fips | 0, 5.4.0-1022.22+fips1 |
| Ubuntu:18.04:LTS | linux-hwe | 5.3.0-69.65, 5.3.0-70.66, 5.3.0-72.68 |
| Ubuntu:18.04:LTS | linux-oracle-5.4 | 5.4.0-1024.24~18.04.1, 5.4.0-1028.29~18.04.1, 5.4.0-1029.31~18.04.1 |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 5.15.0-1073.75, 0 |
| Ubuntu:20.04:LTS | linux-oracle | 5.4.0-1007.7, 5.4.0-1008.8, 5.4.0-1015.15 |
| Ubuntu:20.04:LTS | linux-raspi2 | 5.3.0-1015.17, 5.3.0-1017.19, 5.4.0-1006.6 |
| Ubuntu:20.04:LTS | linux-kvm | 5.4.0-1028.29, 5.4.0-1026.27, 5.4.0-1030.31 |
…and 25 more
Timeline
- Dec 4, 2020 CVE Published
- May 11, 2021 EPSS Score
- Jul 14, 2021 EPSS Score
- Sep 13, 2021 EPSS Score
- Nov 14, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Mar 18, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 18, 2022 EPSS Score
- Jul 20, 2022 EPSS Score
- Sep 20, 2022 EPSS Score
- Nov 21, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-28588 third-party-advisory
- https://git.kernel.org/linus/4f134b89a24b965991e7c345b9a4591821f7c2a6 third-party-advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211 third-party-advisory
- https://ubuntu.com/security/notices/USN-4750-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4751-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4752-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-28588 third-party-advisory