CVE-2020-36385

HIGH EPSS 70.6%
Published Jun 7, 20215y ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published Jun 7, 2021 5y ago
Last Modified Jun 17, 2026 2w ago

Description

An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
70.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 19

VendorProductVersionRange
linuxlinux_kernel* <5.10
netapph300s_firmware*any
netapph300s*any
netapph500s_firmware*any
netapph500s*any
netapph700s_firmware*any
netapph700s*any
netapph300e_firmware*any
netapph300e*any
netapph500e_firmware*any
netapph500e*any
netapph700e_firmware*any
netapph700e*any
netapph410s_firmware*any
netapph410s*any
netapph410c_firmware*any
netapph410c*any
starwindsoftwarestarwind_san_\&_nasv8r12any
starwindsoftwarestarwind_virtual_sanv8any

References 6

  • cdn.kernel.org https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10
    Release NotesVendor Advisory
  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1
    PatchVendor Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20210720-0004/
    Third Party Advisory
  • sites.google.com https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2
    PatchThird Party Advisory
  • syzkaller.appspot.com https://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6
    PatchThird Party Advisory
  • starwindsoftware.com https://www.starwindsoftware.com/security/sw-20220802-0002/
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1
    PatchVendor Advisory
  • sites.google.com https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2
    PatchThird Party Advisory
  • syzkaller.appspot.com https://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6
    PatchThird Party Advisory