{ "threat_severity" : "Important", "public_date" : "2020-06-09T14:00:00Z", "bugzilla" : { "description" : "kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.", "id" : "1845868", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1845868" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-440", "details" : [ "A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.", "A flaw was found in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality." ], "statement" : "This flaw is rated as having Important impact, because it enables exploitation of the previous Spectre v2 attack, which has a rating of Important.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-07-21T00:00:00Z", "advisory" : "RHSA-2020:3016", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-193.13.2.rt13.65.el8_2" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-07-21T00:00:00Z", "advisory" : "RHSA-2020:3010", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-193.13.2.el8_2" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-07-21T00:00:00Z", "advisory" : "RHSA-2020:3073", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date" : "2020-07-21T00:00:00Z", "advisory" : "RHSA-2020:3041", "cpe" : "cpe:/o:redhat:rhel_e4s:8.0", "package" : "kernel-0:4.18.0-80.27.1.el8_0" }, { "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date" : "2020-07-29T00:00:00Z", "advisory" : "RHSA-2020:3222", "cpe" : "cpe:/o:redhat:rhel_eus:8.1", "package" : "kernel-0:4.18.0-147.24.2.el8_1" }, { "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date" : "2020-08-04T00:00:00Z", "advisory" : "RHSA-2020:3297", "cpe" : "cpe:/o:redhat:rhel_eus:8.1", "package" : "kpatch-patch" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-alt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise MRG 2", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/a:redhat:enterprise_mrg:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-10768\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10768\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf" ], "name" : "CVE-2020-10768", "mitigation" : { "value" : "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.", "lang" : "en:us" }, "csaw" : false }