Bug 1901168 (CVE-2020-15436) - CVE-2020-15436 kernel: use-after-free in fs/block_dev.c
Summary: CVE-2020-15436 kernel: use-after-free in fs/block_dev.c
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-15436
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1930196 1901169 1902414 1902415 1902416 1930197 1931876 1931877
Blocks: 1901170
TreeView+ depends on / blocked
 
Reported: 2020-11-24 16:29 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-04-29 16:50 UTC (History)
48 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was observed in blkdev_get(), in fs/block_dev.c after a call to __blkdev_get() fails, and its refcount gets freed/released. This problem may cause a denial of service problem with a special user privilege, and may even lead to a confidentiality issue.
Clone Of:
Environment:
Last Closed: 2021-02-02 14:41:53 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:0336 0 None None None 2021-02-02 12:00:43 UTC
Red Hat Product Errata RHSA-2021:0338 0 None None None 2021-02-02 12:02:20 UTC
Red Hat Product Errata RHSA-2021:0354 0 None None None 2021-02-02 10:11:44 UTC

Description Guilherme de Almeida Suckevicz 2020-11-24 16:29:05 UTC
A use-after-free flaw was observed in blkdev_get(), in fs/block_dev.c after a call to __blkdev_get() fails, and its refcount gets freed/released. This problem may cause a denial of service problem with a special user privilege, and may even lead to a confidentiality issue.

Reference:
https://lkml.org/lkml/2020/6/7/379

Comment 1 Guilherme de Almeida Suckevicz 2020-11-24 16:30:07 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1901169]

Comment 2 Justin M. Forbes 2020-11-25 14:50:39 UTC
This was fixed for Fedora with the 5.7.6 stable kernel updates.

Comment 5 Rohit Keshri 2020-11-28 16:51:05 UTC
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 8 errata-xmlrpc 2021-02-02 10:11:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0354 https://access.redhat.com/errata/RHSA-2021:0354

Comment 9 errata-xmlrpc 2021-02-02 12:00:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0336 https://access.redhat.com/errata/RHSA-2021:0336

Comment 10 errata-xmlrpc 2021-02-02 12:02:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0338 https://access.redhat.com/errata/RHSA-2021:0338

Comment 11 Product Security DevOps Team 2021-02-02 14:41:53 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-15436

Comment 14 errata-xmlrpc 2021-04-27 08:31:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2021:1376 https://access.redhat.com/errata/RHSA-2021:1376


Note You need to log in before you can comment on or make changes to this bug.