medium
4.4
CWE
908
Advisory Published
Updated

CVE-2020-10732

First published: Fri May 01 2020(Updated: )

A flaw was found in the Linux kernel implementation of userspace core dumps. This flaw allows anyone with access to core dumps to see a small amount of private kernel data about the current running kernels internal state which could be used to further allow an attack to more reliably execute. This information could be user processes or kernel state from previous executions. References: <a href="https://github.com/google/kmsan/issues/76">https://github.com/google/kmsan/issues/76</a> <a href="https://twitter.com/grsecurity/status/1252558055629299712">https://twitter.com/grsecurity/status/1252558055629299712</a> <a href="https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a">https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a</a>

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
redhat/kernel-rt<0:3.10.0-1160.rt56.1131.el7
0:3.10.0-1160.rt56.1131.el7
redhat/kernel<0:3.10.0-1160.el7
0:3.10.0-1160.el7
redhat/kernel-rt<0:4.18.0-240.rt7.54.el8
0:4.18.0-240.rt7.54.el8
redhat/kernel<0:4.18.0-240.el8
0:4.18.0-240.el8
Linux Kernel<3.16.85
Linux Kernel>=4.4<4.4.226
Linux Kernel>=4.9<4.9.226
Linux Kernel>=4.14<4.14.183
Linux Kernel>=4.19<4.19.126
Linux Kernel>=5.4<5.4.44
Linux Kernel>=5.6<5.6.16
openSUSE=15.1
openSUSE=15.2
Ubuntu Linux=14.04
Ubuntu Linux=16.04
Ubuntu Linux=18.04
Ubuntu Linux=20.04
NetApp Active IQ Unified Manager for VMware vSphere>=9.5
netapp hci management node
netapp solidfire
NetApp SteelStore
All of
NetApp AFF A700 Firmware
NetApp AFF A700
All of
netapp h410c firmware
netapp h410c
All of
netapp h300s firmware
netapp h300s
All of
NetApp H500S Firmware
netapp h500s
All of
netapp h700s firmware
netapp h700s
All of
netapp h300e firmware
netapp h300e
All of
netapp h500e firmware
netapp h500e
All of
netapp h700e firmware
netapp h700e
All of
netapp h410s firmware
netapp h410s
All of
NetApp AFF 8300 Firmware
NetApp AFF 8300
All of
NetApp AFF 8700
NetApp AFF 8700
All of
NetApp AFF A400
NetApp AFF A400
debian/linux
5.10.223-1
5.10.226-1
6.1.123-1
6.1.128-1
6.12.12-1
6.12.13-1
Android
Ubuntu=14.04
Ubuntu=16.04
Ubuntu=18.04
Ubuntu=20.04
NetApp AFF A700 Firmware
NetApp AFF A700
netapp h410c firmware
netapp h410c
netapp h300s firmware
netapp h300s
NetApp H500S Firmware
netapp h500s
netapp h700s firmware
netapp h700s
netapp h300e firmware
netapp h300e
netapp h500e firmware
netapp h500e
netapp h700e firmware
netapp h700e
netapp h410s firmware
netapp h410s
NetApp AFF 8300 Firmware
NetApp AFF 8300
NetApp AFF 8700
NetApp AFF 8700
NetApp AFF A400
NetApp AFF A400

Remedy

Possible mitigation would be to disable core dumps system-wide by setting: * hard core 0 In the /etc/security/limits.conf file and restarting applications/services/processes which users may have access to or simply reboot the system. This disables core dumps which may not be a suitable workaround in your environment.

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732

Remedy

https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d

Remedy

https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2020-10732?

    The severity of CVE-2020-10732 is classified as medium, impacting the confidentiality of kernel data in core dumps.

  • How do I fix CVE-2020-10732?

    To fix CVE-2020-10732, upgrade to the recommended versions of the kernel provided by your OS vendor.

  • Who is affected by CVE-2020-10732?

    CVE-2020-10732 affects various versions of the Linux kernel, particularly those prior to the fixed versions released by vendors.

  • What impact does CVE-2020-10732 have on system security?

    CVE-2020-10732 can allow unauthorized access to sensitive kernel data, potentially leading to further exploits.

  • Is there a workaround for CVE-2020-10732?

    There are no specific workarounds for CVE-2020-10732; the best mitigation is to apply the appropriate kernel updates.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203