CVE-2020-12770

moderate-risk

Published 2020-05-09

An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Linux Kernel

Fedora

Ubuntu Linux

Debian Linux

Active Iq Unified Manager

Cloud Backup

Element Software

Hci Management Node

Solidfire

Steelstore Cloud Integrated Storage

Bootstrap Os

A700S Firmware

Affected Vendors

Debian Linux Canonical Fedoraproject Netapp

References (32)

Mailing List https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83...

Mailing List https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html

Mailing List https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

Mailing List https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Mailing List https://lkml.org/lkml/2020/4/13/870

Third Party Advisory https://security.netapp.com/advisory/ntap-20200608-0001/

Third Party Advisory https://usn.ubuntu.com/4411-1/

Third Party Advisory https://usn.ubuntu.com/4412-1/

Third Party Advisory https://usn.ubuntu.com/4413-1/

Third Party Advisory https://usn.ubuntu.com/4414-1/

Third Party Advisory https://usn.ubuntu.com/4419-1/

Third Party Advisory https://www.debian.org/security/2020/dsa-4698

Third Party Advisory https://www.debian.org/security/2020/dsa-4699

Mailing List https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83...

Mailing List https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html

Mailing List https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

Mailing List https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html

and 12 more references

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 23/34 · High