How severe is CVE-2020-10766?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2020-10766?

This is classified as CWE-440, which is a common weakness in software security.

CVE-2020-10766

MEDIUM Year: 2020

CVSS v3 Score

5.5

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-440

View all →

Vulnerability Description

A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality.

CVE-2020-10767

MEDIUM

CVSS:5.5(Medium)

A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or...

CWE-4402020

CVE-2020-10768

MEDIUM

CVSS:5.5(Medium)

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as ...

CWE-4402020

CVE-2022-3344

MEDIUM

CVSS:5.5(Medium)

A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault ...

CWE-4402022

CVE-2025-27094

MEDIUM

CVSS:5.4(Medium)

Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading ...

CWE-4402025

CVE-2023-32732

MEDIUM

CVSS:5.3(Medium)

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disco...

CWE-4402023

CVE-2024-47762

MEDIUM

CVSS:5.8(Medium)

Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, where unexpectedly ig...

CWE-4402024

CVE-2020-10766

Vulnerability Description

Related Vulnerabilities

CVE-2020-10767

CVE-2020-10768

CVE-2022-3344

CVE-2025-27094

CVE-2023-32732

CVE-2024-47762