First published: Mon Jun 07 2021(Updated: )
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <0:2.6.32-754.43.1.el6 | 0:2.6.32-754.43.1.el6 |
redhat/kernel-rt | <0:3.10.0-1160.49.1.rt56.1189.el7 | 0:3.10.0-1160.49.1.rt56.1189.el7 |
redhat/kernel | <0:3.10.0-1160.49.1.el7 | 0:3.10.0-1160.49.1.el7 |
redhat/kernel | <0:3.10.0-327.102.1.el7 | 0:3.10.0-327.102.1.el7 |
redhat/kernel | <0:3.10.0-514.95.1.el7 | 0:3.10.0-514.95.1.el7 |
redhat/kernel | <0:3.10.0-693.95.1.el7 | 0:3.10.0-693.95.1.el7 |
redhat/kernel | <0:3.10.0-957.86.1.el7 | 0:3.10.0-957.86.1.el7 |
redhat/kernel | <0:3.10.0-1062.59.1.el7 | 0:3.10.0-1062.59.1.el7 |
redhat/kernel-rt | <0:4.18.0-305.25.1.rt7.97.el8_4 | 0:4.18.0-305.25.1.rt7.97.el8_4 |
redhat/kernel | <0:4.18.0-305.25.1.el8_4 | 0:4.18.0-305.25.1.el8_4 |
redhat/kernel | <0:4.18.0-147.57.1.el8_1 | 0:4.18.0-147.57.1.el8_1 |
redhat/kernel-rt | <0:4.18.0-193.70.1.rt13.120.el8_2 | 0:4.18.0-193.70.1.rt13.120.el8_2 |
redhat/kernel | <0:4.18.0-193.70.1.el8_2 | 0:4.18.0-193.70.1.el8_2 |
redhat/redhat-virtualization-host | <0:4.3.20-20211202.1.el7_9 | 0:4.3.20-20211202.1.el7_9 |
Linux Kernel | <5.10 | |
All of | ||
NetApp H300S Firmware | ||
NetApp H300S Firmware | ||
All of | ||
NetApp H500e Firmware | ||
NetApp H500e Firmware | ||
All of | ||
NetApp H700S | ||
NetApp H700S | ||
All of | ||
NetApp H300E | ||
NetApp H300E Firmware | ||
All of | ||
NetApp H500S Firmware | ||
NetApp H500e Firmware | ||
All of | ||
NetApp H700E | ||
NetApp H700E | ||
All of | ||
NetApp H410S | ||
NetApp H410S Firmware | ||
All of | ||
NetApp H410C | ||
NetApp H410C Firmware | ||
StarWind SAN & NAS | =v8r12 | |
StarWind Virtual SAN | =v8-build14338 | |
NetApp H300S Firmware | ||
NetApp H300S Firmware | ||
NetApp H500e Firmware | ||
NetApp H500e Firmware | ||
NetApp H700S | ||
NetApp H700S | ||
NetApp H300E | ||
NetApp H300E Firmware | ||
NetApp H500S Firmware | ||
NetApp H500e Firmware | ||
NetApp H700E | ||
NetApp H700E | ||
NetApp H410S | ||
NetApp H410S Firmware | ||
NetApp H410C | ||
NetApp H410C Firmware | ||
redhat/kernel | <5.10 | 5.10 |
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.21-1 |
Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2020-36385 has been identified with a severity level of high due to the potential for a use-after-free vulnerability in the Linux kernel.
To fix CVE-2020-36385, upgrade your Linux kernel to version 5.10 or later, or apply specific patched versions provided by your distribution.
CVE-2020-36385 affects Linux kernel versions prior to 5.10, including various versions in the Red Hat kernel series.
Exploiting CVE-2020-36385 may allow an attacker to execute arbitrary code in the context of the kernel, leading to system compromise.
Currently, there are no known workarounds for CVE-2020-36385, so it is recommended to upgrade to a fixed version as soon as possible.