A use-after-free flaw was observed in blkdev_get(), in fs/block_dev.c after a call to __blkdev_get() fails, and its refcount gets freed/released. This problem may cause a denial of service problem with a special user privilege, and may even lead to a confidentiality issue. Reference: https://lkml.org/lkml/2020/6/7/379
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1901169]
This was fixed for Fedora with the 5.7.6 stable kernel updates.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0354 https://access.redhat.com/errata/RHSA-2021:0354
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0336 https://access.redhat.com/errata/RHSA-2021:0336
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0338 https://access.redhat.com/errata/RHSA-2021:0338
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15436
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2021:1376 https://access.redhat.com/errata/RHSA-2021:1376
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:2523 https://access.redhat.com/errata/RHSA-2021:2523