CVE-2020-12888

moderate-risk

Published 2020-05-15

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.

Do I need to act?

0.10% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

LOCAL / HIGH complexity

Affected Products (20)

Linux Kernel

Fedora

Leap

Debian Linux

Ubuntu Linux

Active Iq Unified Manager

Cloud Backup

Element Software

Hci Management Node

Solidfire

Steelstore Cloud Integrated Storage

Solidfire Baseboard Management Controller Firmware

Bootstrap Os

A700S Firmware

H300S Firmware

Affected Vendors

Debian Linux Canonical Fedoraproject Netapp Opensuse

References (26)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html

Mailing List http://www.openwall.com/lists/oss-security/2020/05/19/6

Mailing List https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html

Mailing List https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

Mailing List https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40giml...

https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40giml...

Third Party Advisory https://security.netapp.com/advisory/ntap-20200608-0001/

Third Party Advisory https://usn.ubuntu.com/4525-1/

Third Party Advisory https://usn.ubuntu.com/4526-1/

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html

Mailing List http://www.openwall.com/lists/oss-security/2020/05/19/6

Mailing List https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html

Mailing List https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

Mailing List https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

and 6 more references

/ 100

moderate-risk

Severity 14/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 22/34 · High