CVE-2020-11669

unknown

Published — · Modified —

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

—

Description

An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2020-11669 NameCVE-2020-11669 DescriptionAn issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE…

CVE-2020-11669

Name	CVE-2020-11669
Description	An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	bullseye	5.10.223-1	fixed
	bullseye (security)	5.10.257-1	fixed
	bookworm	6.1.170-3	fixed
	bookworm (security)	6.1.174-1	fixed
	trixie	6.12.86-1	fixed
	trixie (security)	6.12.90-2	fixed
	forky, sid	7.0.10-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version
linux	source	jessie	(not affected)
linux	source	stretch	(not affected)
linux	source	buster	4.19.118-1
linux	source	(unstable)	5.2.6-1

Notes

[stretch] - linux <not-affected> (Vulnerability introduced later with support for KVM guests on POWER9)
[jessie] - linux <not-affected> (Vulnerability introduced later with support for KVM guests on POWER9)
https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0
https://www.openwall.com/lists/oss-security/2020/04/15/1

Home - Debian Security - Source (Git)

Apply commands

text fix

Notes

[stretch] - linux <not-affected> (Vulnerability introduced later with support for KVM guests on POWER9)[jessie] - linux <not-affected> (Vulnerability introduced later with support for KVM guests on POWER9)https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0https://www.openwall.com/lists/oss-security/2020/04/15/1

OS impact

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`5.2.6-1`
sid	Fixed	`5.2.6-1`
forky	Fixed	`5.2.6-1`
bullseye	Fixed	`5.2.6-1`
bookworm	Fixed	`5.2.6-1`

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.