CVE-2020-15436: Use After Free
First published: Mon Jun 08 2020(Updated: )
A use-after-free flaw was observed in blkdev_get(), in fs/block_dev.c after a call to __blkdev_get() fails, and its refcount gets freed/released. This problem may cause a denial of service problem with a special user privilege, and may even lead to a confidentiality issue.
Credit: securities@openeuler.org securities@openeuler.org securities@openeuler.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.15.2.rt56.1152.el7 | 0:3.10.0-1160.15.2.rt56.1152.el7 |
| redhat/kernel | <0:3.10.0-1160.15.2.el7 | 0:3.10.0-1160.15.2.el7 |
| redhat/kernel-alt | <0:4.14.0-115.35.1.el7a | 0:4.14.0-115.35.1.el7a |
| redhat/kernel | <0:3.10.0-957.72.1.el7 | 0:3.10.0-957.72.1.el7 |
| redhat/kernel | <0:3.10.0-1062.51.1.el7 | 0:3.10.0-1062.51.1.el7 |
| Google Android | ||
| ubuntu/linux | <4.15.0-115.116 | 4.15.0-115.116 |
| ubuntu/linux | <5.4.0-45.49 | 5.4.0-45.49 |
| ubuntu/linux | <5.8~ | 5.8~ |
| ubuntu/linux | <4.4.0-187.217 | 4.4.0-187.217 |
| ubuntu/linux-aws | <4.15.0-1080.84 | 4.15.0-1080.84 |
| ubuntu/linux-aws | <5.4.0-1022.22 | 5.4.0-1022.22 |
| ubuntu/linux-aws | <5.8~ | 5.8~ |
| ubuntu/linux-aws | <4.4.0-1112.124 | 4.4.0-1112.124 |
| ubuntu/linux-aws-5.0 | <5.8~ | 5.8~ |
| ubuntu/linux-aws-5.3 | <5.8~ | 5.8~ |
| ubuntu/linux-aws-5.4 | <5.4.0-1022.22~18.04.1 | 5.4.0-1022.22~18.04.1 |
| ubuntu/linux-aws-5.4 | <5.8~ | 5.8~ |
| ubuntu/linux-aws-hwe | <5.8~ | 5.8~ |
| ubuntu/linux-aws-hwe | <4.15.0-1080.84~16.04.1 | 4.15.0-1080.84~16.04.1 |
| ubuntu/linux-azure | <5.4.0-1023.23 | 5.4.0-1023.23 |
| ubuntu/linux-azure | <5.8~ | 5.8~ |
| ubuntu/linux-azure | <4.15.0-1093.103~16.04.1 | 4.15.0-1093.103~16.04.1 |
| ubuntu/linux-azure-4.15 | <4.15.0-1093.103 | 4.15.0-1093.103 |
| ubuntu/linux-azure-4.15 | <5.8~ | 5.8~ |
| ubuntu/linux-azure-5.3 | <5.8~ | 5.8~ |
| ubuntu/linux-azure-5.4 | <5.4.0-1023.23~18.04.1 | 5.4.0-1023.23~18.04.1 |
| ubuntu/linux-azure-5.4 | <5.8~ | 5.8~ |
| ubuntu/linux-azure-edge | <5.8~ | 5.8~ |
| ubuntu/linux-dell300x | <5.8~ | 5.8~ |
| ubuntu/linux-gcp | <5.4.0-1022.22 | 5.4.0-1022.22 |
| ubuntu/linux-gcp | <5.8~ | 5.8~ |
| ubuntu/linux-gcp | <4.15.0-1081.92~16.04.1 | 4.15.0-1081.92~16.04.1 |
| ubuntu/linux-gcp-4.15 | <4.15.0-1081.92 | 4.15.0-1081.92 |
| ubuntu/linux-gcp-4.15 | <5.8~ | 5.8~ |
| ubuntu/linux-gcp-5.3 | <5.8~ | 5.8~ |
| ubuntu/linux-gcp-5.4 | <5.4.0-1022.22~18.04.1 | 5.4.0-1022.22~18.04.1 |
| ubuntu/linux-gcp-edge | <5.8~ | 5.8~ |
| ubuntu/linux-gke-4.15 | <4.15.0-1067.70 | 4.15.0-1067.70 |
| ubuntu/linux-gke-4.15 | <5.8~ | 5.8~ |
| ubuntu/linux-gke-5.0 | <5.0.0-1046.47 | 5.0.0-1046.47 |
| ubuntu/linux-gke-5.0 | <5.8~ | 5.8~ |
| ubuntu/linux-gke-5.3 | <5.3.0-1033.35 | 5.3.0-1033.35 |
| ubuntu/linux-gke-5.3 | <5.8~ | 5.8~ |
| ubuntu/linux-gke-5.4 | <5.8~ | 5.8~ |
| ubuntu/linux-gkeop | <5.8~ | 5.8~ |
| ubuntu/linux-gkeop-5.4 | <5.8~ | 5.8~ |
| ubuntu/linux-hwe | <5.8~ | 5.8~ |
| ubuntu/linux-hwe | <4.15.0-115.116~16.04.1 | 4.15.0-115.116~16.04.1 |
| ubuntu/linux-hwe-5.4 | <5.4.0-45.49~18.04.2 | 5.4.0-45.49~18.04.2 |
| ubuntu/linux-hwe-5.4 | <5.8~ | 5.8~ |
| ubuntu/linux-hwe-5.8 | <5.8~ | 5.8~ |
| ubuntu/linux-hwe-edge | <5.8~ | 5.8~ |
| ubuntu/linux-kvm | <4.15.0-1072.73 | 4.15.0-1072.73 |
| ubuntu/linux-kvm | <5.4.0-1021.21 | 5.4.0-1021.21 |
| ubuntu/linux-kvm | <5.8~ | 5.8~ |
| ubuntu/linux-kvm | <4.4.0-1078.85 | 4.4.0-1078.85 |
| ubuntu/linux-lts-trusty | <5.8~ | 5.8~ |
| ubuntu/linux-lts-xenial | <5.8~ | 5.8~ |
| ubuntu/linux-oem | <4.15.0-1094.104 | 4.15.0-1094.104 |
| ubuntu/linux-oem | <5.8~ | 5.8~ |
| ubuntu/linux-oem-5.10 | <5.8~ | 5.8~ |
| ubuntu/linux-oem-5.6 | <5.6.0-1048.52 | 5.6.0-1048.52 |
| ubuntu/linux-oem-5.6 | <5.8~ | 5.8~ |
| ubuntu/linux-oem-osp1 | <5.8~ | 5.8~ |
| ubuntu/linux-oracle | <4.15.0-1051.55 | 4.15.0-1051.55 |
| ubuntu/linux-oracle | <5.4.0-1022.22 | 5.4.0-1022.22 |
| ubuntu/linux-oracle | <5.8~ | 5.8~ |
| ubuntu/linux-oracle | <4.15.0-1051.55~16.04.1 | 4.15.0-1051.55~16.04.1 |
| ubuntu/linux-oracle-5.0 | <5.8~ | 5.8~ |
| ubuntu/linux-oracle-5.3 | <5.8~ | 5.8~ |
| ubuntu/linux-oracle-5.4 | <5.4.0-1022.22~18.04.1 | 5.4.0-1022.22~18.04.1 |
| ubuntu/linux-raspi | <5.4.0-1016.17 | 5.4.0-1016.17 |
| ubuntu/linux-raspi | <5.8~ | 5.8~ |
| ubuntu/linux-raspi-5.4 | <5.4.0-1016.17~18.04.1 | 5.4.0-1016.17~18.04.1 |
| ubuntu/linux-raspi-5.4 | <5.8~ | 5.8~ |
| ubuntu/linux-raspi2 | <4.15.0-1068.72 | 4.15.0-1068.72 |
| ubuntu/linux-raspi2 | <5.8~ | 5.8~ |
| ubuntu/linux-raspi2 | <4.4.0-1137.146 | 4.4.0-1137.146 |
| ubuntu/linux-raspi2-5.3 | <5.3.0-1032.34 | 5.3.0-1032.34 |
| ubuntu/linux-raspi2-5.3 | <5.8~ | 5.8~ |
| ubuntu/linux-riscv | <5.4.0-31.35 | 5.4.0-31.35 |
| ubuntu/linux-riscv | <5.8~ | 5.8~ |
| ubuntu/linux-snapdragon | <4.15.0-1084.92 | 4.15.0-1084.92 |
| ubuntu/linux-snapdragon | <5.8~ | 5.8~ |
| ubuntu/linux-snapdragon | <4.4.0-1141.149 | 4.4.0-1141.149 |
| Linux Linux kernel | >=2.6.38<4.4.229 | |
| Linux Linux kernel | >=4.5<4.9.229 | |
| Linux Linux kernel | >=4.10<4.14.186 | |
| Linux Linux kernel | >=4.15<4.19.130 | |
| Linux Linux kernel | >=4.20<5.4.49 | |
| Linux Linux kernel | >=5.5<5.7.6 | |
| Broadcom Brocade Fabric Operating System Firmware | ||
| Netapp Cloud Backup | ||
| Netapp Solidfire \& Hci Management Node | ||
| Netapp Solidfire Baseboard Management Controller Firmware | ||
| Netapp Solidfire Baseboard Management Controller | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| Netapp H610c Firmware | ||
| Netapp H610c | ||
| Netapp H610s Firmware | ||
| Netapp H610s | ||
| Netapp H615c Firmware | ||
| Netapp H615c | ||
| Netapp A700s Firmware | ||
| Netapp A700s | ||
| Netapp Aff 8700 Firmware | ||
| Netapp Aff 8700 | ||
| Netapp Fas 8700 Firmware | ||
| Netapp Fas 8700 | ||
| Netapp Aff 8300 Firmware | ||
| Netapp Aff 8300 | ||
| Netapp Fas 8300 Firmware | ||
| Netapp Fas 8300 | ||
| Netapp Aff A400 Firmware | ||
| Netapp Aff A400 | ||
| Netapp Fabric-attached Storage A400 Firmware | ||
| Netapp Fabric-attached Storage A400 | ||
| Netapp A250 Firmware | ||
| Netapp A250 | ||
| Netapp Aff 500f Firmware | ||
| Netapp Aff 500f | ||
| Netapp Fas 500f Firmware | ||
| Netapp Fas 500f | ||
| All of | ||
| Netapp Solidfire Baseboard Management Controller Firmware | ||
| Netapp Solidfire Baseboard Management Controller | ||
| All of | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| All of | ||
| Netapp H610c Firmware | ||
| Netapp H610c | ||
| All of | ||
| Netapp H610s Firmware | ||
| Netapp H610s | ||
| All of | ||
| Netapp H615c Firmware | ||
| Netapp H615c | ||
| All of | ||
| Netapp A700s Firmware | ||
| Netapp A700s | ||
| All of | ||
| Netapp Aff 8700 Firmware | ||
| Netapp Aff 8700 | ||
| All of | ||
| Netapp Fas 8700 Firmware | ||
| Netapp Fas 8700 | ||
| All of | ||
| Netapp Aff 8300 Firmware | ||
| Netapp Aff 8300 | ||
| All of | ||
| Netapp Fas 8300 Firmware | ||
| Netapp Fas 8300 | ||
| All of | ||
| Netapp Aff A400 Firmware | ||
| Netapp Aff A400 | ||
| All of | ||
| Netapp Fabric-attached Storage A400 Firmware | ||
| Netapp Fabric-attached Storage A400 | ||
| All of | ||
| Netapp A250 Firmware | ||
| Netapp A250 | ||
| All of | ||
| Netapp Aff 500f Firmware | ||
| Netapp Aff 500f | ||
| All of | ||
| Netapp Fas 500f Firmware | ||
| Netapp Fas 500f | ||
| debian/linux | 4.19.249-2 4.19.304-1 5.10.209-2 5.10.216-1 6.1.76-1 6.1.90-1 6.7.12-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-15436 https://nvd.nist.gov/vuln/detail/CVE-2020-15436
- https://bugzilla.redhat.com/show_bug.cgi?id=1901168
- https://access.redhat.com/errata/RHSA-2021:0338
- https://access.redhat.com/errata/RHSA-2021:0336
- https://access.redhat.com/errata/RHSA-2021:0354
- https://access.redhat.com/errata/RHSA-2021:1376
- https://access.redhat.com/errata/RHSA-2021:2523
- https://access.redhat.com/security/cve/cve-2020-15436
- https://lkml.org/lkml/2020/6/7/379
- https://security.netapp.com/advisory/ntap-20201218-0002/
- https://launchpad.net/bugs/cve/CVE-2020-15436
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1901169
- https://android.googlesource.com/kernel/common/+/49289b1fa5a67011
- https://source.android.com/docs/security/bulletin/2021-04-01 (Advisory)
- https://git.kernel.org/linus/2d3a8e2deddea6c89961c422ec0c5b851e648c14
- https://security-tracker.debian.org/tracker/CVE-2020-15436
- https://ubuntu.com/security/notices/USN-4752-1
- https://www.cve.org/CVERecord?id=CVE-2020-15436
- https://nvd.nist.gov/vuln/detail/CVE-2020-15436
- https://git.kernel.org/linus/77ea887e433ad8389d416826936c110fa7910f80
- https://ubuntu.com/security/CVE-2020-15436
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- agent/last-modified-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-15436
- agent/first-publish-date
- collector/android-source
- agent/software-canonical-lookup-request
- agent/author
- agent/severity
- agent/remedy
- agent/description
- agent/event
- agent/weakness
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/nvd-api
- collector/nvd-index
- collector/nvd-cve
- source/NVD
- package-manager/redhat
- vendor/google
- canonical/google android
- package-manager/ubuntu
- package-manager/debian
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/2.6.38
- version/linux linux kernel/4.5
- version/linux linux kernel/4.10
- version/linux linux kernel/4.15
- version/linux linux kernel/4.20
- version/linux linux kernel/5.5
- vendor/broadcom
- canonical/broadcom brocade fabric operating system firmware
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp solidfire \& hci management node
- canonical/netapp solidfire baseboard management controller firmware
- canonical/netapp solidfire baseboard management controller
- canonical/netapp h410c firmware
- canonical/netapp h410c
- canonical/netapp h610c firmware
- canonical/netapp h610c
- canonical/netapp h610s firmware
- canonical/netapp h610s
- canonical/netapp h615c firmware
- canonical/netapp h615c
- canonical/netapp a700s firmware
- canonical/netapp a700s
- canonical/netapp aff 8700 firmware
- canonical/netapp aff 8700
- canonical/netapp fas 8700 firmware
- canonical/netapp fas 8700
- canonical/netapp aff 8300 firmware
- canonical/netapp aff 8300
- canonical/netapp fas 8300 firmware
- canonical/netapp fas 8300
- canonical/netapp aff a400 firmware
- canonical/netapp aff a400
- canonical/netapp fabric-attached storage a400 firmware
- canonical/netapp fabric-attached storage a400
- canonical/netapp a250 firmware
- canonical/netapp a250
- canonical/netapp aff 500f firmware
- canonical/netapp aff 500f
- canonical/netapp fas 500f firmware
- canonical/netapp fas 500f