{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-36385", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-04T17:23:10.459Z", "dateReserved": "2021-06-07T00:00:00", "datePublished": "2021-06-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-10-11T00:00:00"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6"}, {"url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1"}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10"}, {"url": "https://security.netapp.com/advisory/ntap-20210720-0004/"}, {"url": "https://www.starwindsoftware.com/security/sw-20220802-0002/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:23:10.459Z"}, "title": "CVE Program Container", "references": [{"url": "https://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6", "tags": ["x_transferred"]}, {"url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1", "tags": ["x_transferred"]}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20210720-0004/", "tags": ["x_transferred"]}, {"url": "https://www.starwindsoftware.com/security/sw-20220802-0002/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D61CA62B-157A-4415-B8FD-7C3C1208315D", "versionEndExcluding": "5.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:starwindsoftware:starwind_san_\\&_nas:v8r12:*:*:*:*:*:*:*", "matchCriteriaId": "45D7C2A6-CA6B-44DB-818D-BC2BE89E93D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*", "matchCriteriaId": "14AF427F-BC75-40C7-9579-34A74E2E475D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c."}, {"lang": "es", "value": "Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.10. El archivo drivers/infiniband/core/ucma.c, presenta un uso de la memoria previamente liberada porque el ctx es alcanzado por medio de la funci\u00f3n ctx_list en algunas situaciones donde la funci\u00f3n ucma_migrate_id en que la funci\u00f3n ucma_close, es llamada tambi\u00e9n se conoce como CID-f5449e74802c"}], "id": "CVE-2020-36385", "lastModified": "2022-10-25T16:42:56.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-07T12:15:08.417", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210720-0004/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.starwindsoftware.com/security/sw-20220802-0002/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:0157", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "kernel-0:2.6.32-754.43.1.el6", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support", "release_date": "2022-01-18T00:00:00Z"}, {"advisory": "RHSA-2021:4779", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.49.1.rt56.1189.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-11-23T00:00:00Z"}, {"advisory": "RHSA-2021:4777", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.49.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-11-23T00:00:00Z"}, {"advisory": "RHSA-2021:4798", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-11-23T00:00:00Z"}, {"advisory": "RHSA-2021:4774", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "kernel-0:3.10.0-327.102.1.el7", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2021-11-23T00:00:00Z"}, {"advisory": "RHSA-2021:4768", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "kernel-0:3.10.0-514.95.1.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2021-11-23T00:00:00Z"}, {"advisory": "RHSA-2021:4692", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "kernel-0:3.10.0-693.95.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2021-11-16T00:00:00Z"}, {"advisory": "RHSA-2021:4770", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "kernel-0:3.10.0-957.86.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support", "release_date": "2021-11-23T00:00:00Z"}, {"advisory": "RHSA-2021:4770", "cpe": "cpe:/o:redhat:rhel_tus:7.6", "package": "kernel-0:3.10.0-957.86.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date": "2021-11-23T00:00:00Z"}, {"advisory": "RHSA-2021:4770", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "kernel-0:3.10.0-957.86.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2021-11-23T00:00:00Z"}, {"advisory": "RHSA-2021:4773", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2021-11-23T00:00:00Z"}, {"advisory": "RHSA-2021:3987", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "kernel-0:3.10.0-1062.59.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2021-10-26T00:00:00Z"}, {"advisory": "RHSA-2021:3987", "cpe": "cpe:/o:redhat:rhel_tus:7.7", "package": "kernel-0:3.10.0-1062.59.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Telco Extended Update Support", "release_date": "2021-10-26T00:00:00Z"}, {"advisory": "RHSA-2021:3987", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kernel-0:3.10.0-1062.59.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2021-10-26T00:00:00Z"}, {"advisory": "RHSA-2021:4971", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2021-12-07T00:00:00Z"}, {"advisory": "RHSA-2021:4088", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-305.25.1.rt7.97.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-02T00:00:00Z"}, {"advisory": "RHSA-2021:4056", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-305.25.1.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-02T00:00:00Z"}, {"advisory": "RHSA-2021:4122", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-03T00:00:00Z"}, {"advisory": "RHSA-2021:4597", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-11-10T00:00:00Z"}, {"advisory": "RHSA-2021:4687", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "kernel-0:4.18.0-147.57.1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-11-16T00:00:00Z"}, {"advisory": "RHSA-2021:4875", "cpe": "cpe:/a:redhat:rhel_eus:8.2::nfv", "package": "kernel-rt-0:4.18.0-193.70.1.rt13.120.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-11-30T00:00:00Z"}, {"advisory": "RHSA-2021:4859", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-11-30T00:00:00Z"}, {"advisory": "RHSA-2021:4871", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "kernel-0:4.18.0-193.70.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-11-30T00:00:00Z"}, {"advisory": "RHSA-2021:5035", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.3.20-20211202.1.el7_9", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2021-12-08T00:00:00Z"}], "bugzilla": {"description": "kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free", "id": "1974319", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974319"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.", "An issue was discovered in the Linux kernels Userspace Connection Manager Access for RDMA. This could allow a local attacker to crash the system, corrupt memory or escalate privileges."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-36385", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-06-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-36385\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36385"], "threat_severity": "Important", "upstream_fix": "kernel 5.10"}