CVE-2020-36385
Published 2021-06-07
Priority P338 · high · 7.8 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.48% (70.6th percentile)
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 5.10.4-1 (bookworm) | linux 5.10.4-1 (bookworm) |
| linux | linux_kernel | < 5.10 | 5.10 |
| linux | linux_kernel | >= 0 < 5.10.4-1 | 5.10.4-1 |
| linux | linux_kernel | >= 0 < 5.10.4-1 | 5.10.4-1 |
| linux | linux_kernel | >= 0 < 5.10.4-1 | 5.10.4-1 |
| linux | linux_kernel | >= 0 < 5.10.4-1 | 5.10.4-1 |
| linux | linux_kernel | >= 0 < 4.15.0-162.170 | 4.15.0-162.170 |
| linux | linux_kernel | >= 0 < 5.4.0-90.101 | 5.4.0-90.101 |
| linux | linux_kernel | >= 0 < 4.4.0-222.255 | 4.4.0-222.255 |
| paloalto | pan-os | — | — |
| starwindsoftware | starwind_san_nas | — | — |
| starwindsoftware | starwind_virtual_san | — | — |
CVSS provenance
nvd · v3.1 · 7.8 · HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 7.8 · HIGH
vendor_debian · 7.8 · HIGH
vendor_redhat · 7.8 · HIGH
vendor_ubuntu · 7.8 · HIGH
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-02-14·CVSS 9.8
CVE-2017-18342 [CRITICAL] PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2017-18342, CVE-2017-8923, CVE-2017-9120, CVE-2019-1551, CVE-2019-16865, CVE-2019-16905, CVE-2019-19523, CVE-2019-19528, CVE-2019-19911, CVE-2020-0404, CVE-2020-0431, CVE-2020-0466, CVE-2020-10379, CVE-2020-11538, CVE-2020-11608, CVE-2020-12114, CVE-2020-12321, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-13757, CVE-2020-14314, CVE-2020-14351, CVE-2020-15778, CVE-2020-1967, CVE-2020-24394, CVE-2020-24504, CVE-2020-25211, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25717, CVE-2020-26541, CVE-2020-2715
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-03-22·CVSS 7.8
CVE-2020-25673 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)
It was discovered that the aufs file system in the Linux kernel did not
properly restrict mount namespaces, when mounted with the non-default
allow_userns option set. A local attacker could use this to gain
administrative privileges. (CVE-2016-2853)
It was discovered that the aufs file system in the Linux kernel did not
properly maintain POSIX ACL xattr data, when mounted with the non-default
allow_userns option. A local attacker could possibly us
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2021-11-11·CVSS 7.8
CVE-2021-3759 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the f2fs file system in the Linux kernel did not
properly validate metadata in some situations. An attacker could use this
to construct a malicious f2fs image that, when mounted and operated on,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-19449)
It was discovered that the Infiniband RDMA userspace connection manager
implementation in the Linux kernel contained a race condition leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-36385)
Wolfgang Frisch discovered that the ext4 file system implementation in
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2021-11-09·CVSS 7.8
CVE-2021-38199 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the f2fs file system in the Linux kernel did not
properly validate metadata in some situations. An attacker could use this
to construct a malicious f2fs image that, when mounted and operated on,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-19449)
It was discovered that the FUSE user space file system implementation in
the Linux kernel did not properly handle bad inodes in some situations. A
local attacker could possibly use this to cause a denial of service.
(CVE-2020-36322)
It was discovered that the Infiniband RDMA userspace connection manager
implementation in the Linux kernel contained a race condition leading to
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2021-11-09·CVSS 7.8
CVE-2020-36385 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the f2fs file system in the Linux kernel did not
properly validate metadata in some situations. An attacker could use this
to construct a malicious f2fs image that, when mounted and operated on,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-19449)
It was discovered that the Infiniband RDMA userspace connection manager
implementation in the Linux kernel contained a race condition leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-36385)
Wolfgang Frisch discovered that the ext4 file system implementation in
Red Hat
kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free
vendor_redhat·2021-06-07·CVSS 7.8
CVE-2020-36385 [HIGH] CWE-416 kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
An issue was discovered in the Linux kernel's Userspace Connection Manager Access for RDMA. This could allow a local attacker to crash the system, corrupt memory or escalate privileges.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: kernel-alt (Red Hat Enterprise Linux 7)
Debian
CVE-2020-36385: linux - An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core...
vendor_debian·2020·CVSS 7.8
CVE-2020-36385 [HIGH] CVE-2020-36385: linux - An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core...
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
Scope: local
bookworm: resolved (fixed in 5.10.4-1)
bullseye: resolved (fixed in 5.10.4-1)
forky: resolved (fixed in 5.10.4-1)
sid: resolved (fixed in 5.10.4-1)
trixie: resolved (fixed in 5.10.4-1)
GHSA
GHSA-hpxg-r4xf-hphw: An issue was discovered in the Linux kernel before 5
ghsa_unreviewed·2022-05-24
CVE-2020-36385 [HIGH] CWE-416 GHSA-hpxg-r4xf-hphw: An issue was discovered in the Linux kernel before 5
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
osv·2022-03-22·CVSS 7.8
CVE-2022-0492 [HIGH] linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)
It was discovered that the aufs file system in the Linux kernel did not
properly restrict mount namespaces, when mounted with the non-default
allow_userns option set. A local attacker could use this to gain
administrative privileges. (CVE-2016-2853)
It was discovered that the aufs file system in the Linux kernel did not
properly maintain POSIX ACL xattr data, when mounted with the non-default
allow_userns option. A local attacker could possibly use this to gain
elevated privileges. (CVE
OSV
linux-bluefield, linux-gke-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
osv·2021-11-11·CVSS 7.8
CVE-2019-19449 [HIGH] linux-bluefield, linux-gke-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
It was discovered that the f2fs file system in the Linux kernel did not
properly validate metadata in some situations. An attacker could use this
to construct a malicious f2fs image that, when mounted and operated on,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-19449)
It was discovered that the Infiniband RDMA userspace connection manager
implementation in the Linux kernel contained a race condition leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-36385)
Wolfgang Frisch discovered that the ext4 file system implementat
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
osv·2021-11-09·CVSS 7.8
[HIGH] linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the f2fs file system in the Linux kernel did not
properly validate metadata in some situations. An attacker could use this
to construct a malicious f2fs image that, when mounted and operated on,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-19449)
It was discovered that the FUSE user space file system implementation in
the Linux kernel did not properly handle bad inodes in some situations. A
local attacker could possibly use this to cause a denial of service.
(CVE-2020-36322)
It was discovered that the Infiniband RDMA userspace con
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm vulnerabilities
osv·2021-11-09·CVSS 7.8
CVE-2019-19449 [HIGH] linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm vulnerabilities
It was discovered that the f2fs file system in the Linux kernel did not
properly validate metadata in some situations. An attacker could use this
to construct a malicious f2fs image that, when mounted and operated on,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-19449)
It was discovered that the Infiniband RDMA userspace connection manager
implementation in the Linux kernel contained a race condition leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020
OSV
CVE-2020-36385: An issue was discovered in the Linux kernel before 5
osv·2021-06-07·CVSS 7.8
CVE-2020-36385 [HIGH] CVE-2020-36385: An issue was discovered in the Linux kernel before 5
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1
https://security.netapp.com/advisory/ntap-20210720-0004/
https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2
https://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6
https://www.starwindsoftware.com/security/sw-20220802-0002/
Published: 2021-06-07