CVE-2020-15436

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-15436
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.

6.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://lkml.org/lkml/2020/6/7/379 Exploit Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20201218-0002/ Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fabric-attached_storage_a400:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:netapp:fas_500f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas_500f:-:*:*:*:*:*:*:*
History

19 Oct 2022, 14:50

Type Values Removed Values Added
CPE cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas_500f:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fabric-attached_storage_a400:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:fas_500f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*
First Time Netapp solidfire Baseboard Management Controller Firmware
Netapp aff 500f Firmware
Netapp a700s
Netapp aff A400
Netapp a250
Netapp fas 8300 Firmware
Netapp cloud Backup
Netapp solidfire \& Hci Management Node
Netapp aff 8300
Broadcom brocade Fabric Operating System Firmware
Netapp a250 Firmware
Netapp solidfire Baseboard Management Controller
Netapp h410c Firmware
Netapp aff 500f
Netapp a700s Firmware
Netapp h610c Firmware
Netapp h615c
Netapp fabric-attached Storage A400 Firmware
Netapp fabric-attached Storage A400
Netapp aff 8700
Netapp fas 8700
Netapp fas 500f
Broadcom
Netapp h610c
Netapp h610s Firmware
Netapp aff 8700 Firmware
Netapp h610s
Netapp fas 8700 Firmware
Netapp h615c Firmware
Netapp aff 8300 Firmware
Netapp fas 8300
Netapp h410c
Netapp aff A400 Firmware
Netapp
Netapp fas 500f Firmware
References (CONFIRM) https://security.netapp.com/advisory/ntap-20201218-0002/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20201218-0002/ - Third Party Advisory
Information

Published : 2020-11-23 21:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-15436

Mitre link : CVE-2020-15436

CVE.ORG link : CVE-2020-15436

JSON object : View

Products Affected

netapp

  • fas_8300_firmware
  • h615c_firmware
  • a250
  • h610c
  • a700s
  • cloud_backup
  • h610s
  • aff_a400_firmware
  • fas_8700_firmware
  • aff_8700_firmware
  • fas_8700
  • solidfire_baseboard_management_controller_firmware
  • aff_8700
  • solidfire_\&_hci_management_node
  • fas_500f
  • fas_500f_firmware
  • a700s_firmware
  • fabric-attached_storage_a400
  • h610s_firmware
  • a250_firmware
  • h410c_firmware
  • h610c_firmware
  • h410c
  • aff_a400
  • aff_500f_firmware
  • aff_8300_firmware
  • h615c
  • solidfire_baseboard_management_controller
  • aff_500f
  • fabric-attached_storage_a400_firmware
  • fas_8300
  • aff_8300

linux

  • linux_kernel

broadcom

  • brocade_fabric_operating_system_firmware
CWE
CWE-416

Use After Free