Vulnerability CVE-2020-14386: Information

Description

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-14386

Published: Sept. 16, 2020

Modified: Nov. 7, 2023

Error type identifier: CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
kernel-image-mp	sisyphus	5.8.8-alt1	6.9.4-alt1	ALT-PU-2020-2757-1	257834	Fixed
kernel-image-mp	p10	5.8.8-alt1	6.1.19-alt1	ALT-PU-2020-2757-1	257834	Fixed
kernel-image-mp	p9	5.8.16-alt1	5.12.16-alt1	ALT-PU-2020-3210-1	261043	Fixed
kernel-image-mp	p11	5.8.8-alt1	6.8.8-alt1	ALT-PU-2020-2757-1	257834	Fixed
kernel-image-old-def	p9	4.19.182-alt1	4.19.182-alt1	ALT-PU-2021-1531-1	267886	Fixed
kernel-image-rpi-def	sisyphus	5.4.83-alt1	5.15.92-alt2	ALT-PU-2021-1093-1	264900	Fixed
kernel-image-rpi-def	p10	5.4.83-alt1	5.15.92-alt2	ALT-PU-2021-1093-1	264900	Fixed
kernel-image-rpi-def	p9	5.4.83-alt1	5.10.81-alt1	ALT-PU-2021-1128-1	264965	Fixed
kernel-image-rpi-def	p11	5.4.83-alt1	5.15.92-alt2	ALT-PU-2021-1093-1	264900	Fixed
kernel-image-rpi-un	sisyphus	5.10.2-alt1	6.6.23-alt1	ALT-PU-2020-3553-1	263808	Fixed
kernel-image-rpi-un	p10	5.10.2-alt1	6.1.77-alt1	ALT-PU-2020-3553-1	263808	Fixed
kernel-image-rpi-un	p9	5.10.7-alt1	5.12.17-alt1	ALT-PU-2021-1105-1	264968	Fixed
kernel-image-rpi-un	p11	5.10.2-alt1	6.6.23-alt1	ALT-PU-2020-3553-1	263808	Fixed
kernel-image-rt	sisyphus	4.19.152-alt1.rt65	6.1.92-alt1.rt32	ALT-PU-2020-3238-1	261265	Fixed
kernel-image-rt	p10	4.19.152-alt1.rt65	5.10.218-alt1.rt110	ALT-PU-2020-3238-1	261265	Fixed
kernel-image-rt	p9	4.19.160-alt1.rt69	4.19.189-alt1.rt78	ALT-PU-2020-3454-1	261560	Fixed
kernel-image-rt	c9f2	4.19.184-alt1.rt75	4.19.199-alt2.rt86	ALT-PU-2021-1840-1	270942	Fixed
kernel-image-rt	p11	4.19.152-alt1.rt65	6.1.90-alt2.rt30	ALT-PU-2020-3238-1	261265	Fixed
kernel-image-std-debug	sisyphus	5.4.65-alt1	6.1.94-alt1	ALT-PU-2020-2826-1	258108	Fixed
kernel-image-std-debug	p11	5.4.65-alt1	6.1.91-alt1	ALT-PU-2020-2826-1	258108	Fixed
kernel-image-std-def	sisyphus	5.4.65-alt1	6.1.94-alt1	ALT-PU-2020-2858-1	258111	Fixed
kernel-image-std-def	p10	5.4.65-alt1	5.10.218-alt1	ALT-PU-2020-2858-1	258111	Fixed
kernel-image-std-def	p9	5.4.68-alt1.1	5.4.277-alt1	ALT-PU-2020-2935-1	258798	Fixed
kernel-image-std-def	p8	4.9.239-alt0.M80P.1	4.9.337-alt0.M80P.1	ALT-PU-2020-3064-1	259933	Fixed
kernel-image-std-def	c9f2	5.4.68-alt1.1	5.10.214-alt0.c9f.2	ALT-PU-2020-2936-1	259117	Fixed
kernel-image-std-def	p11	5.4.65-alt1	6.1.91-alt1	ALT-PU-2020-2858-1	258111	Fixed
kernel-image-un-def	sisyphus	5.8.8-alt1	6.6.34-alt1	ALT-PU-2020-2770-1	256932	Fixed
kernel-image-un-def	p10	5.8.8-alt1	6.1.90-alt1	ALT-PU-2020-2770-1	256932	Fixed
kernel-image-un-def	p9	5.10.7-alt1	5.10.218-alt1	ALT-PU-2021-1083-1	263714	Fixed
kernel-image-un-def	p8	4.19.150-alt0.M80P.1	4.19.310-alt0.M80P.1	ALT-PU-2020-3032-1	259488	Fixed
kernel-image-un-def	c10f1	5.8.8-alt1	6.1.85-alt0.c10f.1	ALT-PU-2020-2770-1	256932	Fixed
kernel-image-un-def	c9f2	5.10.7-alt1	5.10.29-alt2	ALT-PU-2021-1083-1	263714	Fixed
kernel-image-un-def	c7	4.9.277-alt0.M70C.1	4.9.277-alt0.M70C.1	ALT-PU-2021-3032-1	281292	Fixed
kernel-image-un-def	p11	5.8.8-alt1	6.6.31-alt1	ALT-PU-2020-2770-1	256932	Fixed
linux-tools	sisyphus_e2k	5.10-alt1.E2K.1	5.10-alt1.E2K.3	ALT-PU-2023-7771-1	-	Fixed
linux-tools	p10_e2k	5.10-alt1.E2K.1	5.10-alt1.E2K.1	ALT-PU-2023-8360-1	-	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://seclists.org/oss-sec/2020/q3/146	Mailing List Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14386	Issue Tracking Patch Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=acf69c946233259ab4d64f8869d4037a198c7f06	Patch Vendor Advisory
[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update	Mailing List Third Party Advisory
openSUSE-SU-2020:1655	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html	Third Party Advisory VDB Entry
[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update	Mailing List Third Party Advisory
[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update	Mailing List Third Party Advisory
[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list	Mailing List Third Party Advisory
[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list	Mailing List Third Party Advisory
[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list	Mailing List Third Party Advisory
FEDORA-2020-468121099e

Affected configurations:
1. Configuration 1
  cpe:2.3:o:linux:linux_kernel:5.9.0:rc1:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:5.9.0:rc2:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:5.9.0:rc3:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.6
  End excliding
  4.9.239
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.10
  End excliding
  4.14.201
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.15
  End excliding
  4.19.150
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.20
  End excliding
  5.4.64
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  5.5
  End excliding
  5.8.8
  
  Configuration 2
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2020-14386: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4