Vulnerabilities > CVE-2020-27170 - Information Exposure Through Discrepancy vulnerability in multiple products

047910
CVSS 4.7 - MEDIUM
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE

Summary

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.

Vulnerable Configurations

Part Description Count
OS
Linux
739
OS
Fedoraproject
3
OS
Canonical
4
OS
Debian
1

Common Weakness Enumeration (CWE)