CVE-2020-36313

Published on: 04/06/2021 12:00:00 AM UTC

Last Modified on: 04/13/2021 12:24:00 PM UTC

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Linux Kernel from Linux contain the following vulnerability:

An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c.

  • CVE-2020-36313 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 4.6 - MEDIUM

Access
Vector
Access
Complexity
Authentication
LOCAL LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL PARTIAL

CVE References

Description Tags Link
kernel/git/torvalds/linux.git - Linux kernel source tree git.kernel.org
text/html
URL Logo MISC git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0774a964ef561b7170d8d1b1bfe6f88002b6d219
cdn.kernel.org
text/plain
MISC cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
LinuxLinux KernelAllAllAllAll
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2020-36313 : An issue was discovered in the #Linux #kernel before 5.7. The KVM subsystem allows out-of-range ac… twitter.com/i/web/status/1… 2021-04-07 00:05:07