What is CVE-2020-10767?

CVE-2020-10767 is a medium-severity vulnerability in Linux Kernel, classified under Expected Behavior Violation. CVSS score: 5.5/10. Published 2020-09-15.

How severe is CVE-2020-10767?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Is CVE-2020-10767 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Linux Kernel

CVE-2020-10767

A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Rest…

EPSS: 0.000 (13.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Linux Kernel — versions before 5.8-rc1

Weakness classification (CWE)

CWE-440 — Expected Behavior Violation

Public proof-of-concept exploits

TinyNiko/android_

References

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ (x_refsource_MISC)
bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-10767?: CVE-2020-10767 is a medium-severity vulnerability in Linux Kernel, classified under Expected Behavior Violation. CVSS score: 5.5/10. Published 2020-09-15.
How severe is CVE-2020-10767?: Medium severity. CVSS v3 base score is 5.5 out of 10.
Is CVE-2020-10767 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.