CVE-2020-36385

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.

References

https://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1

https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10

Details

Source: MITRE

Published: 2021-06-07

Updated: 2021-07-20

Type: CWE-416

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
152481SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2643-1)NessusSuSE Local Security Checks
high
152188SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 18 for SLE 12 SP4) (SUSE-SU-2021:2584-1)NessusSuSE Local Security Checks
high
152167SUSE SLES15 Security Update : kernel (Live Patch 15 for SLE 15 SP2) (SUSE-SU-2021:2577-1)NessusSuSE Local Security Checks
high
152159SUSE SLES15 Security Update : kernel (Live Patch 22 for SLE 15 SP1) (SUSE-SU-2021:2560-1)NessusSuSE Local Security Checks
high
152142SUSE SLES15 Security Update : kernel (Live Patch 21 for SLE 15 SP1) (SUSE-SU-2021:2542-1)NessusSuSE Local Security Checks
high
152116SUSE SLES15 Security Update : kernel (Live Patch 14 for SLE 15 SP2) (SUSE-SU-2021:2538-1)NessusSuSE Local Security Checks
high
152055SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2451-1)NessusSuSE Local Security Checks
high
151998SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2422-1)NessusSuSE Local Security Checks
high
151996SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2426-1)NessusSuSE Local Security Checks
high
151989SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2427-1)NessusSuSE Local Security Checks
high
151986SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2421-1)NessusSuSE Local Security Checks
high
151935openSUSE 15 Security Update : kernel (openSUSE-SU-2021:2427-1)NessusSuSE Local Security Checks
high
151878SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2406-1)NessusSuSE Local Security Checks
high
151877SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2407-1)NessusSuSE Local Security Checks
high
151873SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2021:2416-1)NessusSuSE Local Security Checks
high
151652SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:2325-1)NessusSuSE Local Security Checks
high
151617SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2303-1)NessusSuSE Local Security Checks
high
151200SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2202-1)NessusSuSE Local Security Checks
high
151125SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:2184-1)NessusSuSE Local Security Checks
high