Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
Mend Note: After conducting further research, Mend has determined that versions v2.6.12-rc2 through v4.4.228, v4.5-rc1 through v4.9.228, v4.10-rc1 through v4.14.185, v4.15-rc1 through v4.19.129, v5.0-rc1 through v5.4.48, v5.5-rc1 through v5.7.5 and v5.8-rc1 of Linux Kernel are vulnerable to CVE-2020-15436.
CVE-2020-15436 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.238
The Linux Kernel
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: 05c0743befb9102e2ecb9fbd0fa8eb43eb8bb5ec
Found in base branch: master
Vulnerable Source Files (2)
/fs/block_dev.c /fs/block_dev.c
Vulnerability Details
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. Mend Note: After conducting further research, Mend has determined that versions v2.6.12-rc2 through v4.4.228, v4.5-rc1 through v4.9.228, v4.10-rc1 through v4.14.185, v4.15-rc1 through v4.19.129, v5.0-rc1 through v5.4.48, v5.5-rc1 through v5.7.5 and v5.8-rc1 of Linux Kernel are vulnerable to CVE-2020-15436.
Publish Date: 2020-11-23
URL: CVE-2020-15436
CVSS 3 Score Details (6.7)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: High - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2020-15436
Release Date: 2020-11-23
Fix Resolution: v4.4.229, v4.9.229, v4.14.186, v4.19.130, v5.4.49, v5.7.6, v5.8-rc2
Step up your Open Source Security Game with Mend here