What is CVE-2020-10768?

CVE-2020-10768 is a medium-severity vulnerability in Linux Kernel, classified under Expected Behavior Violation. CVSS score: 5.5/10. Published 2020-09-15.

How severe is CVE-2020-10768?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Vulnerability in Linux Kernel

CVE-2020-10768

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not a…

EPSS: 0.000 (10.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Linux Kernel — versions before 5.8-rc1

Weakness classification (CWE)

CWE-440 — Expected Behavior Violation

References

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ (x_refsource_MISC)
bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-10768?: CVE-2020-10768 is a medium-severity vulnerability in Linux Kernel, classified under Expected Behavior Violation. CVSS score: 5.5/10. Published 2020-09-15.
How severe is CVE-2020-10768?: Medium severity. CVSS v3 base score is 5.5 out of 10.