CVE-2020-8832

Ubuntu 18.04 Linux kernel i915 incomplete fix for CVE-2019-14615

Description

The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.

Remediation

Solution:

  • Update to linux kernel 4.15.0-91.92 or newer, or apply the following commits: (20ccd4d3f689ac14dce8632d76769be0ac952060) drm/i915: Use same test for eviction and submitting kernel context (1803fcbca2e444f7972430c4dc1c3e98c6ee1bc9) drm/i915: Define an engine class enum for the uABI (ae6c4574782dbfebcbf1f7e3620bcaf58ceb69e3) drm/i915: Force the switch to the i915->kernel_context (f58d13d5717938d4dfcc82a2eeba0a6d7644f6e5) drm/i915: Move GT powersaving init to i915_gem_init() (cc6a818ad6bdb0d3008314cbd0fc9c9a2cd02695) drm/i915: Move intel_init_clock_gating() to i915_gem_init() (d378a3efb819e6d1992127122d957337571b4594) drm/i915: Inline intel_modeset_gem_init() (f4e15af7e21861445821d5f09922ef7e695269a1) drm/i915: Mark the context state as dirty/written (d2b4b97933f5adacfba42dc3b9200d0e21fbe2c4) drm/i915: Record the default hw state after reset upon load

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.65%
Vendor Advisory ubuntu.com
Affected: Ubuntu 18.04 LTS (bionic) Linux kernel
Published at:
Updated at:

References

Link Tags
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840 third party advisory issue tracking
https://usn.ubuntu.com/usn/usn-4302-1 third party advisory vendor advisory
https://security.netapp.com/advisory/ntap-20200430-0004/ third party advisory

Frequently Asked Questions

What is the severity of CVE-2020-8832?
CVE-2020-8832 has been scored as a medium severity vulnerability.
How to fix CVE-2020-8832?
To fix CVE-2020-8832: Update to linux kernel 4.15.0-91.92 or newer, or apply the following commits: (20ccd4d3f689ac14dce8632d76769be0ac952060) drm/i915: Use same test for eviction and submitting kernel context (1803fcbca2e444f7972430c4dc1c3e98c6ee1bc9) drm/i915: Define an engine class enum for the uABI (ae6c4574782dbfebcbf1f7e3620bcaf58ceb69e3) drm/i915: Force the switch to the i915->kernel_context (f58d13d5717938d4dfcc82a2eeba0a6d7644f6e5) drm/i915: Move GT powersaving init to i915_gem_init() (cc6a818ad6bdb0d3008314cbd0fc9c9a2cd02695) drm/i915: Move intel_init_clock_gating() to i915_gem_init() (d378a3efb819e6d1992127122d957337571b4594) drm/i915: Inline intel_modeset_gem_init() (f4e15af7e21861445821d5f09922ef7e695269a1) drm/i915: Mark the context state as dirty/written (d2b4b97933f5adacfba42dc3b9200d0e21fbe2c4) drm/i915: Record the default hw state after reset upon load
Is CVE-2020-8832 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2020-8832 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-8832?
CVE-2020-8832 affects Ubuntu 18.04 LTS (bionic) Linux kernel.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.