Skip to content

kernel CVE-2020-12888

High
webern published GHSA-c6j2-9754-jf2x Nov 19, 2020

Package

kernel

Affected versions

< 1.0.3

Patched versions

1.0.3

Description

A flaw was found in the Linux kernel, where it allows userspace processes, for example, a guest VM, to directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices' MMIO memory address spaces. If a user attempts to access the read/write devices' MMIO address space when it is disabled, some h/w devices issue an interrupt to the CPU to indicate a fatal error condition, crashing the system. This flaw allows a guest user or process to crash the host system resulting in a denial of service.

Severity

High

CVE ID

CVE-2020-12888

Weaknesses

No CWEs