#VU58332 Use-after-free in Linux kernel


Published: 2021-11-23 | Updated: 2021-12-06

Vulnerability identifier: #VU58332

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-36385

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/infiniband/core/ucma.c, because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called. A local user can run a specially crafted program to trigger the use-after-free error and execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1
http://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC VxRail Appliance
Multiple vulnerabilities in Junos Space
Multiple vulnerabilities in IBM Netezza Host Management
Multiple vulnerabilities in IBM Netezza Host Management
Red Hat Enterprise Linux 6 Extended Lifecycle Support update for kernel
Red Hat Virtualization 4 update for redhat-release-virtualization-host and redhat-virtualization-host
Red Hat Enterprise Linux Server 7.7 update for kpatch-patch
Red Hat Enterprise Linux 8.2 update for kernel
CentOS 7 update for kernel
Red Hat Enterprise Linux 8.2 update for kpatch-patch