cbcvebase.
CVE-2020-36385
published 2021-06-07

CVE-2020-36385: An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in…

PriorityP338high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
1.48%
70.6th percentile
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.

Affected

12 ranges
VendorProductVersion rangeFixed in
debianlinux< linux 5.10.4-1 (bookworm)linux 5.10.4-1 (bookworm)
linuxlinux_kernel< 5.105.10
linuxlinux_kernel>= 0 < 5.10.4-15.10.4-1
linuxlinux_kernel>= 0 < 5.10.4-15.10.4-1
linuxlinux_kernel>= 0 < 5.10.4-15.10.4-1
linuxlinux_kernel>= 0 < 5.10.4-15.10.4-1
linuxlinux_kernel>= 0 < 4.15.0-162.1704.15.0-162.170
linuxlinux_kernel>= 0 < 5.4.0-90.1015.4.0-90.101
linuxlinux_kernel>= 0 < 4.4.0-222.2554.4.0-222.255
paloaltopan-os
starwindsoftwarestarwind_san_nas
starwindsoftwarestarwind_virtual_san

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
vendor_ubuntu7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.