CVE-2020-8832

NameCVE-2020-8832
DescriptionThe fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)stretch4.9.228-1fixed
stretch (security)4.9.210-1+deb9u1fixed
buster4.19.132-1fixed
buster (security)4.19.118-2+deb10u1fixed
bullseye, sid5.7.10-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcejessie(not affected)
linuxsourcestretch(not affected)
linuxsource(unstable)4.16.5-1

Notes

[stretch] - linux <not-affected> (Vulnerable code not present, incomplete fix not applied)
[jessie] - linux <not-affected> (No support for this hardware)
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840
The CVE is for an incomplete fix for CVE-2019-14615 which technically only
affects upstream versions (and downstreams) which applied the fix fo
CVE-2019-14615 which is bc8a76a152c5 ("drm/i915/gen9: Clear residual context
state on context switch"). But there is need to apply as well the prerequistite
d2b4b97933f5 ("drm/i915: Record the default hw state after reset upon load").

Search for package or bug name: Reporting problems