CVE-2020-10768

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-10768

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10768.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-10768

Aliases

A-169505929
ASB-A-169505929

Downstream

DEBIAN-CVE-2020-10768

DLA-2323-1

RHSA-2020:3010

RHSA-2020:3016

RHSA-2020:3041

RHSA-2020:3073

RHSA-2020:3222

RHSA-2020:3297

SUSE-SU-2020:1693-1

SUSE-SU-2020:1699-1

SUSE-SU-2020:1713-1

SUSE-SU-2020:2027-1

SUSE-SU-2020:2103-1

SUSE-SU-2020:2105-1

SUSE-SU-2020:2106-1

SUSE-SU-2020:2107-1

SUSE-SU-2020:2121-1

SUSE-SU-2020:2134-1

SUSE-SU-2020:2156-1

SUSE-SU-2020:2478-1

SUSE-SU-2020:2487-1

UBUNTU-CVE-2020-10768

USN-4427-1

USN-4439-1

USN-4440-1

USN-4483-1

USN-4485-1

openSUSE-SU-2020:0935-1

openSUSE-SU-2020:1153-1

openSUSE-SU-2021:0242-1

openSUSE-SU-2024:10728-1

openSUSE-SU-2024:13704-1

Related

Published

2020-09-16T00:15:11Z

Modified

2025-08-09T20:01:27Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.

References

Affected packages