CVE-2020-14304
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux Kernel | kernel | 5.6.7-1 | affected |
| Linux Kernel | kernel | 4.19.118-2 | affected |
| Linux Kernel | kernel | 4.9.210-1 | affected |
Weaknesses
- CWE-460: CWE-460
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14304
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14304
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.