How severe is CVE-2020-10767?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2020-10767?

This is classified as CWE-440, which is a common weakness in software security.

CVE-2020-10767

MEDIUM Year: 2020

CVSS v3 Score

5.5

Medium

CVSS v2 Score

1.9

Low

Weakness Type

CWE-440

View all →

Vulnerability Description

A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.

CVE-2020-10766

MEDIUM

CVSS:5.5(Medium)

A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context...

CWE-4402020

CVE-2020-10768

MEDIUM

CVSS:5.5(Medium)

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as ...

CWE-4402020

CVE-2022-3344

MEDIUM

CVSS:5.5(Medium)

A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault ...

CWE-4402022

CVE-2025-27094

MEDIUM

CVSS:5.4(Medium)

Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading ...

CWE-4402025

CVE-2023-32732

MEDIUM

CVSS:5.3(Medium)

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disco...

CWE-4402023

CVE-2024-47762

MEDIUM

CVSS:5.8(Medium)

Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, where unexpectedly ig...

CWE-4402024

CVE-2020-10767

Vulnerability Description

Related Vulnerabilities

CVE-2020-10766

CVE-2020-10768

CVE-2022-3344

CVE-2025-27094

CVE-2023-32732

CVE-2024-47762