Uncaught Exception Affecting kernel-debug-devel package, versions <0:3.10.0-1127.13.1.el7
Threat Intelligence
EPSS
0.05% (19th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS7-KERNELDEBUGDEVEL-2166826
- published 26 Jul 2021
- disclosed 14 May 2020
Introduced: 14 May 2020
CVE-2020-12888 Open this link in a new tabHow to fix?
Upgrade Centos:7 kernel-debug-devel to version 0:3.10.0-1127.13.1.el7 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-debug-devel package and not the kernel-debug-devel package as distributed by Centos.
See How to fix? for Centos:7 relevant fixed versions and status.
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
References
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://access.redhat.com/security/cve/CVE-2020-12888
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/
- https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home/
- https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit@gimli.home/
- https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
- http://www.openwall.com/lists/oss-security/2020/05/19/6
- https://access.redhat.com/errata/RHSA-2020:2664
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
- https://usn.ubuntu.com/4525-1/
- https://usn.ubuntu.com/4526-1/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/
- https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/
- https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/
CVSS Scores
version 3.1