Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-c41n-c5cx-uqfr
Vulnerability ID VCID-c41n-c5cx-uqfr
Aliases CVE-2020-27170
Summary An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
cvssv3 4.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27170.json
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2020-27170
archlinux Medium https://security.archlinux.org/AVG-1711
archlinux Medium https://security.archlinux.org/AVG-1712
archlinux Medium https://security.archlinux.org/AVG-1713
archlinux Medium https://security.archlinux.org/AVG-1714
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27170.json
https://api.first.org/data/v1/epss?cve=CVE-2020-27170
1940627 https://bugzilla.redhat.com/show_bug.cgi?id=1940627
AVG-1711 https://security.archlinux.org/AVG-1711
AVG-1712 https://security.archlinux.org/AVG-1712
AVG-1713 https://security.archlinux.org/AVG-1713
AVG-1714 https://security.archlinux.org/AVG-1714
RHSA-2021:2314 https://access.redhat.com/errata/RHSA-2021:2314
RHSA-2021:2316 https://access.redhat.com/errata/RHSA-2021:2316
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27170.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.35406
EPSS Score 0.00151
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:43:23.950240+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0