CVE-2020-36385: Use After Free
First published: Mon Jun 07 2021(Updated: )
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <0:2.6.32-754.43.1.el6 | 0:2.6.32-754.43.1.el6 |
| redhat/kernel-rt | <0:3.10.0-1160.49.1.rt56.1189.el7 | 0:3.10.0-1160.49.1.rt56.1189.el7 |
| redhat/kernel | <0:3.10.0-1160.49.1.el7 | 0:3.10.0-1160.49.1.el7 |
| redhat/kernel | <0:3.10.0-327.102.1.el7 | 0:3.10.0-327.102.1.el7 |
| redhat/kernel | <0:3.10.0-514.95.1.el7 | 0:3.10.0-514.95.1.el7 |
| redhat/kernel | <0:3.10.0-693.95.1.el7 | 0:3.10.0-693.95.1.el7 |
| redhat/kernel | <0:3.10.0-957.86.1.el7 | 0:3.10.0-957.86.1.el7 |
| redhat/kernel | <0:3.10.0-1062.59.1.el7 | 0:3.10.0-1062.59.1.el7 |
| redhat/kernel-rt | <0:4.18.0-305.25.1.rt7.97.el8_4 | 0:4.18.0-305.25.1.rt7.97.el8_4 |
| redhat/kernel | <0:4.18.0-305.25.1.el8_4 | 0:4.18.0-305.25.1.el8_4 |
| redhat/kernel | <0:4.18.0-147.57.1.el8_1 | 0:4.18.0-147.57.1.el8_1 |
| redhat/kernel-rt | <0:4.18.0-193.70.1.rt13.120.el8_2 | 0:4.18.0-193.70.1.rt13.120.el8_2 |
| redhat/kernel | <0:4.18.0-193.70.1.el8_2 | 0:4.18.0-193.70.1.el8_2 |
| redhat/redhat-virtualization-host | <0:4.3.20-20211202.1.el7_9 | 0:4.3.20-20211202.1.el7_9 |
| Linux Kernel | <5.10 | |
| All of | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| All of | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700S | ||
| NetApp H700S | ||
| All of | ||
| NetApp H300E | ||
| NetApp H300E Firmware | ||
| All of | ||
| NetApp H500S Firmware | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700E | ||
| NetApp H700E | ||
| All of | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| All of | ||
| NetApp H410C | ||
| NetApp H410C Firmware | ||
| StarWind SAN & NAS | =v8r12 | |
| StarWind Virtual SAN | =v8-build14338 | |
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H700S | ||
| NetApp H700S | ||
| NetApp H300E | ||
| NetApp H300E Firmware | ||
| NetApp H500S Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H700E | ||
| NetApp H700E | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| NetApp H410C | ||
| NetApp H410C Firmware | ||
| redhat/kernel | <5.10 | 5.10 |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.21-1 |
Remedy
Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-36385 https://nvd.nist.gov/vuln/detail/CVE-2020-36385
- https://bugzilla.redhat.com/show_bug.cgi?id=1974319
- https://access.redhat.com/errata/RHSA-2022:0157
- https://access.redhat.com/errata/RHSA-2021:4779
- https://access.redhat.com/errata/RHSA-2021:4777
- https://access.redhat.com/errata/RHSA-2021:4798
- https://access.redhat.com/errata/RHSA-2021:4774
- https://access.redhat.com/errata/RHSA-2021:4768
- https://access.redhat.com/errata/RHSA-2021:4692
- https://access.redhat.com/errata/RHSA-2021:4770
- https://access.redhat.com/errata/RHSA-2021:4773
- https://access.redhat.com/errata/RHSA-2021:3987
- https://access.redhat.com/errata/RHSA-2021:4971
- https://access.redhat.com/errata/RHSA-2021:4088
- https://access.redhat.com/errata/RHSA-2021:4056
- https://access.redhat.com/errata/RHSA-2021:4122
- https://access.redhat.com/errata/RHSA-2021:4597
- https://access.redhat.com/errata/RHSA-2021:4687
- https://access.redhat.com/errata/RHSA-2021:4875
- https://access.redhat.com/errata/RHSA-2021:4859
- https://access.redhat.com/errata/RHSA-2021:4871
- https://access.redhat.com/errata/RHSA-2021:5035
- https://access.redhat.com/security/cve/cve-2020-36385
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1
- https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2
- https://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6
- https://security.netapp.com/advisory/ntap-20210720-0004/
- https://www.starwindsoftware.com/security/sw-20220802-0002/
- https://launchpad.net/bugs/cve/CVE-2020-36385
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1978069
- https://git.kernel.org/linus/f5449e74802c1112dea984aec8af7a33c4516af1
- https://security-tracker.debian.org/tracker/CVE-2020-36385
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36385
- https://nvd.nist.gov/vuln/detail/CVE-2020-36385
- https://ubuntu.com/security/CVE-2020-36385
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2020-36385?
CVE-2020-36385 has been identified with a severity level of high due to the potential for a use-after-free vulnerability in the Linux kernel.
How do I fix CVE-2020-36385?
To fix CVE-2020-36385, upgrade your Linux kernel to version 5.10 or later, or apply specific patched versions provided by your distribution.
Which Linux kernel versions are affected by CVE-2020-36385?
CVE-2020-36385 affects Linux kernel versions prior to 5.10, including various versions in the Red Hat kernel series.
What is the potential impact of exploiting CVE-2020-36385?
Exploiting CVE-2020-36385 may allow an attacker to execute arbitrary code in the context of the kernel, leading to system compromise.
Is there a workaround for CVE-2020-36385 if I cannot immediately upgrade?
Currently, there are no known workarounds for CVE-2020-36385, so it is recommended to upgrade to a fixed version as soon as possible.
- collector/redhat-cve
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-36385
- agent/software-canonical-lookup
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/softwarecombine
- agent/event
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- vendor/netapp
- canonical/netapp h300s firmware
- canonical/netapp h500e firmware
- canonical/netapp h700s
- canonical/netapp h300e
- canonical/netapp h300e firmware
- canonical/netapp h500s firmware
- canonical/netapp h700e
- canonical/netapp h410s
- canonical/netapp h410s firmware
- canonical/netapp h410c
- canonical/netapp h410c firmware
- vendor/starwindsoftware
- canonical/starwind san & nas
- version/starwind san & nas/v8r12
- canonical/starwind virtual san
- version/starwind virtual san/v8-build14338
- package-manager/debian