CVE-2020-36385

moderate-risk

Published 2021-06-07

An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (11)

Linux Kernel

H300S Firmware

H500S Firmware

H700S Firmware

H300E Firmware

H500E Firmware

H700E Firmware

H410S Firmware

H410C Firmware

Starwind San \& Nas

Starwind Virtual San

Affected Vendors

Linux Netapp Starwindsoftware

References (12)

Release Notes https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10

Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5...

Third Party Advisory https://security.netapp.com/advisory/ntap-20210720-0004/

Patch https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2

Patch https://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6

Third Party Advisory https://www.starwindsoftware.com/security/sw-20220802-0002/

Release Notes https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10

Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5...

Third Party Advisory https://security.netapp.com/advisory/ntap-20210720-0004/

Patch https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2

Patch https://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6

Third Party Advisory https://www.starwindsoftware.com/security/sw-20220802-0002/

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 16/34 · Moderate