CVE-2020-11884
📋 TL;DR
This CVE describes a race condition vulnerability in the Linux kernel on s390 platforms that could allow local attackers to execute arbitrary code or cause system crashes. It affects Linux kernel versions 4.19 through 5.6.7 running on IBM s390/zSeries mainframe architecture. The vulnerability exists in memory access handling code that fails to properly protect against concurrent page table modifications.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Fedora by Fedoraproject
Fedora by Fedoraproject
Fedora by Fedoraproject
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Solidfire by Netapp
Solidfire Baseboard Management Controller by Netapp
View all CVEs affecting Solidfire Baseboard Management Controller →
Steelstore Cloud Integrated Storage by Netapp
View all CVEs affecting Steelstore Cloud Integrated Storage →
Ubuntu Linux by Canonical
Ubuntu Linux by Canonical
Ubuntu Linux by Canonical
Ubuntu Linux by Canonical
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to root, allowing complete system compromise and potential data exfiltration or destruction.
Likely Case
Kernel panic leading to system crash and denial of service, requiring manual intervention to restore operations.
If Mitigated
Limited impact with proper access controls and monitoring, potentially only affecting non-critical services.
🎯 Exploit Status
Exploitation requires local access and precise timing to trigger the race condition. No public exploit code has been identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel 5.6.8 and later, or backported patches for earlier versions
Vendor Advisory: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f
Restart Required: Yes
Instructions:
1. Update to Linux kernel 5.6.8 or later. 2. For distributions with backported patches, apply security updates through your package manager. 3. Reboot the system to load the patched kernel.
🔧 Temporary Workarounds
Restrict local user access
linuxLimit shell access to trusted users only to reduce attack surface
Implement strict privilege separation
linuxUse SELinux/AppArmor to restrict user capabilities and limit damage from potential exploitation
🧯 If You Can't Patch
- Implement strict access controls to limit who has shell access to affected systems
- Monitor system logs for unusual privilege escalation attempts or kernel panics
🔍 How to Verify
Check if Vulnerable:
Check kernel version with 'uname -r' and verify if running 4.19-5.6.7 on s390 architecture. Check architecture with 'uname -m' (should show s390x).Check Version:
uname -rVerify Fix Applied:
After patching, verify kernel version is 5.6.8 or later, or check with distribution-specific tools like 'rpm -q kernel' or 'dpkg -l linux-image*' for applied security updates.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/messages or dmesg
- Unexpected privilege escalation events in audit logs
- Crash dumps or system reboots without clear cause
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("panic" OR "oops" OR "segfault") AND host_arch="s390"🔗 References
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://usn.ubuntu.com/4342-1/
- https://usn.ubuntu.com/4343-1/
- https://usn.ubuntu.com/4345-1/
- https://www.debian.org/security/2020/dsa-4667
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://usn.ubuntu.com/4342-1/
- https://usn.ubuntu.com/4343-1/
- https://usn.ubuntu.com/4345-1/
- https://www.debian.org/security/2020/dsa-4667
