CVE-2020-15436

moderate-risk

Published 2020-11-23

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.

Do I need to act?

0.15% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

Affected Products (19)

Linux Kernel

Brocade Fabric Operating System Firmware

Cloud Backup

Solidfire \& Hci Management Node

Solidfire Baseboard Management Controller Firmware

H410C Firmware

H610C Firmware

H610S Firmware

H615C Firmware

A700S Firmware

Aff 8700 Firmware

Fas 8700 Firmware

Aff 8300 Firmware

Fas 8300 Firmware

Aff A400 Firmware

Fabric-Attached Storage A400 Firmware

A250 Firmware

Aff 500F Firmware

Fas 500F Firmware

Affected Vendors

Linux Broadcom Netapp

References (4)

Exploit https://lkml.org/lkml/2020/6/7/379

Third Party Advisory https://security.netapp.com/advisory/ntap-20201218-0002/

Exploit https://lkml.org/lkml/2020/6/7/379

Third Party Advisory https://security.netapp.com/advisory/ntap-20201218-0002/

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 19/34 · Moderate