CVE-2020-36385

CWE-416: Use After Free | 11 documents | 7 sources
Severity: 7.8 HIGH
EPSS: 0.1% (top 82.86%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 7 | Latest update May 24

Description

An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 4 packages

Patches

🔴 Vulnerability Details (4)

GHSA | GHSA-hpxg-r4xf-hphw: An issue was discovered in the Linux kernel before 5 | 2022-05-24
OSV | linux-bluefield, linux-gke-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities | 2021-11-11
OSV | CVE-2020-36385: An issue was discovered in the Linux kernel before 5 | 2021-06-07
CVEList | CVE-2020-36385: An issue was discovered in the Linux kernel before 5 | 2021-06-07

📋 Vendor Advisories (6)

Ubuntu | Linux kernel vulnerabilities | 2022-03-22
Ubuntu | Linux kernel vulnerabilities | 2021-11-11
Ubuntu | Linux kernel vulnerabilities | 2021-11-09
Ubuntu | Linux kernel vulnerabilities | 2021-11-09
Red Hat | kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free | 2021-06-07