CVE-2020-8832

moderate-risk

Published 2020-04-10

The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.

Do I need to act?

0.31% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Ubuntu Linux

Cloud Backup

Solidfire \& Hci Management Node

Steelstore Cloud Integrated Storage

Aff 8300 Firmware

Aff 8700 Firmware

Aff A220 Firmware

Aff A320 Firmware

Aff A400 Firmware

Aff A700S Firmware

Aff C190 Firmware

H300E Firmware

H300S Firmware

H410C Firmware

H410S Firmware

H500E Firmware

H500S Firmware

H610C Firmware

H610S Firmware

H615C Firmware

Affected Vendors

Canonical Netapp

References (6)

Issue Tracking https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840

Third Party Advisory https://security.netapp.com/advisory/ntap-20200430-0004/

Third Party Advisory https://usn.ubuntu.com/usn/usn-4302-1

Issue Tracking https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840

Third Party Advisory https://security.netapp.com/advisory/ntap-20200430-0004/

Third Party Advisory https://usn.ubuntu.com/usn/usn-4302-1

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 23/34 · High