CVE-2020-36322

CWE-4599 documents7 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 89.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Debian Linux Starwindsoftware Starwind Virtual SAN

Timeline

PublishedApr 14

Latest updateMay 24

Description

An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDlinux/linux_kernel< 5.10.6

▶Debianlinux< 5.10.9-1+3

▶NVDstarwindsoftware/starwind_virtual_san8

Also affects: Debian Linux 10.0, 9.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-phvx-v9j2-6wfr: An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5↗2022-05-24

▶

OSV

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2021-11-09

▶

CVEList

CVE-2020-36322: An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5↗2021-04-14

▶

OSV

CVE-2020-36322: An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5↗2021-04-14

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2022-03-22

▶

Ubuntu

Linux kernel vulnerabilities↗2021-11-09

▶

Red Hat

kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations↗2020-12-10

▶

Debian

CVE-2020-36322: linux - An issue was discovered in the FUSE filesystem implementation in the Linux kerne...↗2020

▶