Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00115.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Broadcom
  • Brocade Fabric Operating System Firmware
Linux
  • Linux Kernel
Netapp
  • A250
  • A250 Firmware
  • A700s
  • A700s Firmware
  • Aff 500f
  • Aff 500f Firmware
  • Aff 8300
  • Aff 8300 Firmware
  • Aff 8700
  • Aff 8700 Firmware
  • Aff A400
  • Aff A400 Firmware
  • Cloud Backup
  • Fabric-attached Storage A400
  • Fabric-attached Storage A400 Firmware
  • Fas 500f
  • Fas 500f Firmware
  • Fas 8300
  • Fas 8300 Firmware
  • Fas 8700
  • Fas 8700 Firmware
  • H410c
  • H410c Firmware
  • H610c
  • H610c Firmware
  • H610s
  • H610s Firmware
  • H615c
  • H615c Firmware
  • Solidfire \& Hci Management Node
  • Solidfire Baseboard Management Controller
  • Solidfire Baseboard Management Controller Firmware
Redhat
  • Enterprise Linux
  • Rhel Eus
  • Rhel Extras Rt

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fabric-attached_storage_a400:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:netapp:fas_500f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas_500f:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-1160.15.2.rt56.1152.el7 cpe:/a:redhat:rhel_extras_rt:7 RHSA-2021:0338 2021-02-02T00:00:00Z
kernel-0:3.10.0-1160.15.2.el7 cpe:/o:redhat:enterprise_linux:7 RHSA-2021:0336 2021-02-02T00:00:00Z
kernel-alt-0:4.14.0-115.35.1.el7a cpe:/o:redhat:enterprise_linux:7 RHSA-2021:0354 2021-02-02T00:00:00Z
Red Hat Enterprise Linux 7.6 Extended Update Support
kernel-0:3.10.0-957.72.1.el7 cpe:/o:redhat:rhel_eus:7.6 RHSA-2021:1376 2021-04-27T00:00:00Z
Red Hat Enterprise Linux 7.7 Extended Update Support
kernel-0:3.10.0-1062.51.1.el7 cpe:/o:redhat:rhel_eus:7.7 RHSA-2021:2523 2021-06-22T00:00:00Z
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS
kernel-0:3.10.0-957.72.1.el7 cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2021:1376 2021-04-27T00:00:00Z

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2020-7429 Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
Ubuntu USN Ubuntu USN USN-4752-1 Linux kernel (OEM) vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://lkml.org/lkml/2020/6/7/379 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-15436 cve-icon
https://security.netapp.com/advisory/ntap-20201218-0002/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2020-15436 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: openEuler

Published:

Updated: 2024-08-04T13:15:20.795Z

Reserved: 2020-06-30T00:00:00

Link: CVE-2020-15436

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-11-23T21:15:11.813

Modified: 2024-11-21T05:05:33.167

Link: CVE-2020-15436

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-06-08T00:00:00Z

Links: CVE-2020-15436 - Bugzilla

cve-icon OpenCVE Enrichment

No data.