CVE Vulnerabilities

CVE-2020-14304

Improper Cleanup on Thrown Exception

Published: Sep 15, 2020 | Modified: Feb 12, 2023
CVSS 3.x
4.4
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

A memory disclosure flaw was found in the Linux kernels ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.

Weakness

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux 4.19.118-2 4.19.118-2
Linux_kernel Linux 4.9.210-1 4.9.210-1
Linux_kernel Linux 5.6.7-1 5.6.7-1

Potential Mitigations

References