CVE-2020-36387

Опубликовано: 07 июн. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35.

Ссылки

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2
Mailing List
Patch
Release Notes
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d816e088c359866f9867057e04f244c608c42fe
Patch
Vendor Advisory
https://security.netapp.com/advisory/ntap-20210727-0006/
Third Party Advisory
https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-io_async_task_func
Patch
Third Party Advisory
https://syzkaller.appspot.com/bug?id=ce5f07d6ec3b5050b8f0728a3b389aa510f2591b
Patch
Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2
Mailing List
Patch
Release Notes
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d816e088c359866f9867057e04f244c608c42fe
Patch
Vendor Advisory
https://security.netapp.com/advisory/ntap-20210727-0006/
Third Party Advisory
https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-io_async_task_func
Patch
Third Party Advisory
https://syzkaller.appspot.com/bug?id=ce5f07d6ec3b5050b8f0728a3b389aa510f2591b
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.7 (включая) до 5.7.16 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.8 (включая) до 5.8.2 (исключая)

Конфигурация 2

Одновременно

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Конфигурация 9

Одновременно

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00057

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-416

Связанные уязвимости

CVE-2020-36387

CVSS3: 7.8

ubuntu

больше 4 лет назад

An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35.

CVE-2020-36387

CVSS3: 8.4

redhat

больше 5 лет назад

An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35.

CVE-2020-36387

CVSS3: 7.8

debian

больше 4 лет назад

An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring. ...

GHSA-h865-4c46-jfqg

CVSS3: 7.8

github

больше 3 лет назад

An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35.

EPSS

Процентиль: 18%

0.00057

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-416