CVE-2020-15436: Use After Free
First published: Mon Jun 08 2020(Updated: )
A use-after-free flaw was observed in blkdev_get(), in fs/block_dev.c after a call to __blkdev_get() fails, and its refcount gets freed/released. This problem may cause a denial of service problem with a special user privilege, and may even lead to a confidentiality issue.
Credit: securities@openeuler.org securities@openeuler.org securities@openeuler.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.15.2.rt56.1152.el7 | 0:3.10.0-1160.15.2.rt56.1152.el7 |
| redhat/kernel | <0:3.10.0-1160.15.2.el7 | 0:3.10.0-1160.15.2.el7 |
| redhat/kernel-alt | <0:4.14.0-115.35.1.el7a | 0:4.14.0-115.35.1.el7a |
| redhat/kernel | <0:3.10.0-957.72.1.el7 | 0:3.10.0-957.72.1.el7 |
| redhat/kernel | <0:3.10.0-1062.51.1.el7 | 0:3.10.0-1062.51.1.el7 |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 | |
| Android | ||
| Linux Kernel | >=2.6.38<4.4.229 | |
| Linux Kernel | >=4.5<4.9.229 | |
| Linux Kernel | >=4.10<4.14.186 | |
| Linux Kernel | >=4.15<4.19.130 | |
| Linux Kernel | >=4.20<5.4.49 | |
| Linux Kernel | >=5.5<5.7.6 | |
| Brocade Fabric OS | ||
| netapp cloud backup | ||
| netapp solidfire \& hci management node | ||
| netapp solidfire baseboard management controller firmware | ||
| netapp solidfire baseboard management controller | ||
| netapp h410c firmware | ||
| netapp h410c | ||
| netapp h610c firmware | ||
| netapp h610c | ||
| netapp h610s firmware | ||
| netapp h610s | ||
| netapp h615c firmware | ||
| netapp h615c | ||
| NetApp AFF A700s Firmware | ||
| netapp a700s | ||
| NetApp AFF 8700 | ||
| NetApp AFF 8700 | ||
| NetApp FAS8700 Firmware | ||
| NetApp FAS8700 | ||
| NetApp AFF 8300 Firmware | ||
| NetApp AFF 8300 | ||
| NetApp FAS8300 | ||
| NetApp FAS8300 | ||
| NetApp AFF A400 | ||
| NetApp AFF A400 | ||
| netapp fabric-attached storage a400 firmware | ||
| netapp fabric-attached storage a400 | ||
| netapp a250 firmware | ||
| netapp a250 | ||
| netapp aff 500f firmware | ||
| netapp aff 500f | ||
| netapp fas 500f firmware | ||
| netapp fas 500f | ||
| All of | ||
| netapp solidfire baseboard management controller firmware | ||
| netapp solidfire baseboard management controller | ||
| All of | ||
| netapp h410c firmware | ||
| netapp h410c | ||
| All of | ||
| netapp h610c firmware | ||
| netapp h610c | ||
| All of | ||
| netapp h610s firmware | ||
| netapp h610s | ||
| All of | ||
| netapp h615c firmware | ||
| netapp h615c | ||
| All of | ||
| NetApp AFF A700s Firmware | ||
| netapp a700s | ||
| All of | ||
| NetApp AFF 8700 | ||
| NetApp AFF 8700 | ||
| All of | ||
| NetApp FAS8700 Firmware | ||
| NetApp FAS8700 | ||
| All of | ||
| NetApp AFF 8300 Firmware | ||
| NetApp AFF 8300 | ||
| All of | ||
| NetApp FAS8300 | ||
| NetApp FAS8300 | ||
| All of | ||
| NetApp AFF A400 | ||
| NetApp AFF A400 | ||
| All of | ||
| netapp fabric-attached storage a400 firmware | ||
| netapp fabric-attached storage a400 | ||
| All of | ||
| netapp a250 firmware | ||
| netapp a250 | ||
| All of | ||
| netapp aff 500f firmware | ||
| netapp aff 500f | ||
| All of | ||
| netapp fas 500f firmware | ||
| netapp fas 500f |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-15436 https://nvd.nist.gov/vuln/detail/CVE-2020-15436
- https://bugzilla.redhat.com/show_bug.cgi?id=1901168
- https://access.redhat.com/errata/RHSA-2021:0338
- https://access.redhat.com/errata/RHSA-2021:0336
- https://access.redhat.com/errata/RHSA-2021:0354
- https://access.redhat.com/errata/RHSA-2021:1376
- https://access.redhat.com/errata/RHSA-2021:2523
- https://access.redhat.com/security/cve/cve-2020-15436
- https://lkml.org/lkml/2020/6/7/379
- https://security.netapp.com/advisory/ntap-20201218-0002/
- https://launchpad.net/bugs/cve/CVE-2020-15436
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1901169
- https://android.googlesource.com/kernel/common/+/49289b1fa5a67011
- https://source.android.com/docs/security/bulletin/2021-04-01 (Advisory)
- https://git.kernel.org/linus/2d3a8e2deddea6c89961c422ec0c5b851e648c14
- https://security-tracker.debian.org/tracker/CVE-2020-15436
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15436
- https://nvd.nist.gov/vuln/detail/CVE-2020-15436
- https://ubuntu.com/security/CVE-2020-15436
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2020-15436?
CVE-2020-15436 is classified as a moderate severity vulnerability that can lead to denial of service and potential confidentiality issues.
How do I fix CVE-2020-15436?
To fix CVE-2020-15436, update the affected kernel packages to the recommended versions or later, specifically the version 0:3.10.0-1160.15.2.rt56.1152.el7 or equivalent for your distribution.
Which systems are affected by CVE-2020-15436?
CVE-2020-15436 affects various versions of the Linux kernel and specific configurations of the Red Hat kernel and kernel-rt.
What are the potential impacts of CVE-2020-15436?
Exploiting CVE-2020-15436 may allow an attacker to cause a denial of service or potentially lead to unauthorized access to sensitive information.
Is there a specific user privilege required to exploit CVE-2020-15436?
Yes, exploiting CVE-2020-15436 requires special user privileges, making it less likely for casual users to leverage this vulnerability.
- collector/redhat-cve
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-15436
- agent/last-modified-date
- agent/trending
- agent/source
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/android-source
- source/Android
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- collector/nvd-api
- collector/nvd-cve
- source/NVD
- package-manager/redhat
- package-manager/debian
- vendor/google
- canonical/android
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.38
- version/linux kernel/4.5
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- vendor/broadcom
- canonical/brocade fabric os
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp solidfire \& hci management node
- canonical/netapp solidfire baseboard management controller firmware
- canonical/netapp solidfire baseboard management controller
- canonical/netapp h410c firmware
- canonical/netapp h410c
- canonical/netapp h610c firmware
- canonical/netapp h610c
- canonical/netapp h610s firmware
- canonical/netapp h610s
- canonical/netapp h615c firmware
- canonical/netapp h615c
- canonical/netapp aff a700s firmware
- canonical/netapp a700s
- canonical/netapp aff 8700
- canonical/netapp fas8700 firmware
- canonical/netapp fas8700
- canonical/netapp aff 8300 firmware
- canonical/netapp aff 8300
- canonical/netapp fas8300
- canonical/netapp aff a400
- canonical/netapp fabric-attached storage a400 firmware
- canonical/netapp fabric-attached storage a400
- canonical/netapp a250 firmware
- canonical/netapp a250
- canonical/netapp aff 500f firmware
- canonical/netapp aff 500f
- canonical/netapp fas 500f firmware
- canonical/netapp fas 500f