CVE-2020-15436 - Vulnerability Details

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00151.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom Subscribe	Brocade Fabric Operating System Firmware Subscribe
Linux Subscribe	Linux Kernel Subscribe
Netapp Subscribe	A250 Subscribe A250 Firmware Subscribe A700s Subscribe A700s Firmware Subscribe Aff 500f Subscribe Aff 500f Firmware Subscribe Aff 8300 Subscribe Aff 8300 Firmware Subscribe Aff 8700 Subscribe Aff 8700 Firmware Subscribe Aff A400 Subscribe Aff A400 Firmware Subscribe Cloud Backup Subscribe Fabric-attached Storage A400 Subscribe Fabric-attached Storage A400 Firmware Subscribe Fas 500f Subscribe Fas 500f Firmware Subscribe Fas 8300 Subscribe Fas 8300 Firmware Subscribe Fas 8700 Subscribe Fas 8700 Firmware Subscribe H410c Subscribe H410c Firmware Subscribe H610c Subscribe H610c Firmware Subscribe H610s Subscribe H610s Firmware Subscribe H615c Subscribe H615c Firmware Subscribe Solidfire \& Hci Management Node Subscribe Solidfire Baseboard Management Controller Subscribe Solidfire Baseboard Management Controller Firmware Subscribe
Redhat Subscribe	Enterprise Linux Subscribe Rhel Eus Subscribe Rhel Extras Rt Subscribe

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 [-]

cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::*

Configuration 4 [-]

AND

cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fabric-attached_storage_a400:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:netapp:fas_500f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_500f:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-1160.15.2.rt56.1152.el7	cpe:/a:redhat:rhel_extras_rt:7	RHSA-2021:0338	2021-02-02T00:00:00Z
kernel-0:3.10.0-1160.15.2.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2021:0336	2021-02-02T00:00:00Z
kernel-alt-0:4.14.0-115.35.1.el7a	cpe:/o:redhat:enterprise_linux:7	RHSA-2021:0354	2021-02-02T00:00:00Z
Red Hat Enterprise Linux 7.6 Extended Update Support
kernel-0:3.10.0-957.72.1.el7	cpe:/o:redhat:rhel_eus:7.6	RHSA-2021:1376	2021-04-27T00:00:00Z
Red Hat Enterprise Linux 7.7 Extended Update Support
kernel-0:3.10.0-1062.51.1.el7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2021:2523	2021-06-22T00:00:00Z
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS
kernel-0:3.10.0-957.72.1.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2021:1376	2021-04-27T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2020-7429	Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
Ubuntu USN	USN-4752-1	Linux kernel (OEM) vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://lkml.org/lkml/2020/6/7/379
https://nvd.nist.gov/vuln/detail/CVE-2020-15436
https://security.netapp.com/advisory/ntap-20201218-0002/
https://www.cve.org/CVERecord?id=CVE-2020-15436

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: openEuler

Published: 2020-11-23T20:08:17

Updated: 2024-08-04T13:15:20.795Z

Reserved: 2020-06-30T00:00:00

Link: CVE-2020-15436

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-11-23T21:15:11.813

Modified: 2024-11-21T05:05:33.167

Link: CVE-2020-15436

Redhat

Severity : Moderate

Publid Date: 2020-06-08T00:00:00Z

Links: CVE-2020-15436 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-416

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Projects

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object