Bug 1974319 (CVE-2020-36385) - CVE-2020-36385 kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free
Summary: CVE-2020-36385 kernel: use-after-free in drivers/infiniband/core/ucma.c ctx u...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-36385
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1978244 1978062 1978063 1978064 1978065 1978066 1978067 1978068 1978069 1978070 1978071 1978072 1978073 1978074 1978075 1978077 1978108 1978243 1978245 1978246 1978519 1981701 1981702 1981703 1981704 1981705 1981706 1982040 1982041
Blocks: 1974320
TreeView+ depends on / blocked
 
Reported: 2021-06-21 11:17 UTC by Marian Rehak
Modified: 2022-01-18 08:47 UTC (History)
62 users (show)

Fixed In Version: kernel 5.10
Doc Type: If docs needed, set a value
Doc Text:
An issue was discovered in the Linux kernels Userspace Connection Manager Access for RDMA. This could allow a local attacker to crash the system, corrupt memory or escalate privileges.
Clone Of:
Environment:
Last Closed: 2021-10-26 08:08:01 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:4847 0 None None None 2021-11-29 14:25:55 UTC
Red Hat Product Errata RHBA-2022:0005 0 None None None 2022-01-03 14:36:17 UTC
Red Hat Product Errata RHSA-2021:3987 0 None None None 2021-10-26 07:38:04 UTC
Red Hat Product Errata RHSA-2021:4056 0 None None None 2021-11-02 08:42:57 UTC
Red Hat Product Errata RHSA-2021:4088 0 None None None 2021-11-02 09:52:22 UTC
Red Hat Product Errata RHSA-2021:4122 0 None None None 2021-11-03 16:12:54 UTC
Red Hat Product Errata RHSA-2021:4597 0 None None None 2021-11-10 09:11:51 UTC
Red Hat Product Errata RHSA-2021:4687 0 None None None 2021-11-16 08:10:30 UTC
Red Hat Product Errata RHSA-2021:4692 0 None None None 2021-11-16 10:47:54 UTC
Red Hat Product Errata RHSA-2021:4768 0 None None None 2021-11-23 10:58:00 UTC
Red Hat Product Errata RHSA-2021:4770 0 None None None 2021-11-23 12:45:48 UTC
Red Hat Product Errata RHSA-2021:4773 0 None None None 2021-11-23 14:33:39 UTC
Red Hat Product Errata RHSA-2021:4774 0 None None None 2021-11-23 15:09:08 UTC
Red Hat Product Errata RHSA-2021:4777 0 None None None 2021-11-23 17:13:28 UTC
Red Hat Product Errata RHSA-2021:4779 0 None None None 2021-11-23 17:14:02 UTC
Red Hat Product Errata RHSA-2021:4798 0 None None None 2021-11-23 15:56:20 UTC
Red Hat Product Errata RHSA-2021:4859 0 None None None 2021-11-30 14:23:49 UTC
Red Hat Product Errata RHSA-2021:4871 0 None None None 2021-11-30 15:52:46 UTC
Red Hat Product Errata RHSA-2021:4875 0 None None None 2021-11-30 15:36:23 UTC
Red Hat Product Errata RHSA-2021:4971 0 None None None 2021-12-07 08:32:02 UTC
Red Hat Product Errata RHSA-2021:5035 0 None None None 2021-12-08 18:28:57 UTC
Red Hat Product Errata RHSA-2022:0157 0 None None None 2022-01-18 08:47:48 UTC

Description Marian Rehak 2021-06-21 11:17:56 UTC 
An issue was discovered in the Linux kernels  Userspace Connection Manager Access for RDMA.  The UCMA has a use-after-free condition, when the end of ctx is reached via the ctx_list in some  situations in ucma_migrate_id where ucma_close is called.  This could allow a local attacker to crash the system when using a crafted attack.


External Reference:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1
Comment 3 Wade Mealing 2021-07-01 05:39:41 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1978069]
Comment 8 Justin M. Forbes 2021-07-01 13:47:54 UTC 
This was fixed for Fedora with the 5.10.x kernel rebases.
Comment 15 Wade Mealing 2021-07-14 04:47:58 UTC 
Trackers made.
Comment 17 errata-xmlrpc 2021-10-26 07:38:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2021:3987 https://access.redhat.com/errata/RHSA-2021:3987
Comment 18 Product Security DevOps Team 2021-10-26 08:08:01 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-36385
Comment 19 errata-xmlrpc 2021-11-02 08:42:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4056 https://access.redhat.com/errata/RHSA-2021:4056
Comment 20 errata-xmlrpc 2021-11-02 09:52:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4088 https://access.redhat.com/errata/RHSA-2021:4088
Comment 21 errata-xmlrpc 2021-11-03 16:12:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4122 https://access.redhat.com/errata/RHSA-2021:4122
Comment 22 errata-xmlrpc 2021-11-10 09:11:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:4597 https://access.redhat.com/errata/RHSA-2021:4597
Comment 23 errata-xmlrpc 2021-11-16 08:10:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:4687 https://access.redhat.com/errata/RHSA-2021:4687
Comment 24 errata-xmlrpc 2021-11-16 10:47:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support

Via RHSA-2021:4692 https://access.redhat.com/errata/RHSA-2021:4692
Comment 25 errata-xmlrpc 2021-11-23 10:57:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support

Via RHSA-2021:4768 https://access.redhat.com/errata/RHSA-2021:4768
Comment 26 errata-xmlrpc 2021-11-23 12:45:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support
  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2021:4770 https://access.redhat.com/errata/RHSA-2021:4770
Comment 27 errata-xmlrpc 2021-11-23 14:33:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions

Via RHSA-2021:4773 https://access.redhat.com/errata/RHSA-2021:4773
Comment 28 errata-xmlrpc 2021-11-23 15:09:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support

Via RHSA-2021:4774 https://access.redhat.com/errata/RHSA-2021:4774
Comment 29 errata-xmlrpc 2021-11-23 15:56:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:4798 https://access.redhat.com/errata/RHSA-2021:4798
Comment 31 errata-xmlrpc 2021-11-23 17:13:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:4777 https://access.redhat.com/errata/RHSA-2021:4777
Comment 32 errata-xmlrpc 2021-11-23 17:13:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:4779 https://access.redhat.com/errata/RHSA-2021:4779
Comment 33 errata-xmlrpc 2021-11-30 14:23:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:4859 https://access.redhat.com/errata/RHSA-2021:4859
Comment 34 errata-xmlrpc 2021-11-30 15:36:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:4875 https://access.redhat.com/errata/RHSA-2021:4875
Comment 35 errata-xmlrpc 2021-11-30 15:52:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:4871 https://access.redhat.com/errata/RHSA-2021:4871
Comment 36 errata-xmlrpc 2021-12-07 08:32:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions

Via RHSA-2021:4971 https://access.redhat.com/errata/RHSA-2021:4971
Comment 37 errata-xmlrpc 2021-12-08 18:28:54 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2021:5035 https://access.redhat.com/errata/RHSA-2021:5035
Comment 38 errata-xmlrpc 2022-01-18 08:47:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2022:0157 https://access.redhat.com/errata/RHSA-2022:0157
Note You need to log in before you can comment on or make changes to this bug.