CVE-2020-36386

An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

06 Jul 2021, 15:36

Type Values Removed Values Added
References (MISC) https://syzkaller.appspot.com/bug?id=4bf11aa05c4ca51ce0df86e500fce486552dc8d2 - Exploit, Third Party Advisory (MISC) https://syzkaller.appspot.com/bug?id=4bf11aa05c4ca51ce0df86e500fce486552dc8d2 - Patch, Third Party Advisory
References (MISC) https://sites.google.com/view/syzscope/kasan-slab-out-of-bounds-read-in-hci_extended_inquiry_result_evt - Exploit, Patch, Third Party Advisory (MISC) https://sites.google.com/view/syzscope/kasan-slab-out-of-bounds-read-in-hci_extended_inquiry_result_evt - Patch, Third Party Advisory
References (MISC) https://syzkaller.appspot.com/text?tag=ReproC&x=15ca2f46900000 - Third Party Advisory (MISC) https://syzkaller.appspot.com/text?tag=ReproC&x=15ca2f46900000 - Exploit, Third Party Advisory
CVSS v2 : 4.9
v3 : 5.5
v2 : 5.6
v3 : 7.1

14 Jun 2021, 18:57

Type Values Removed Values Added
References (MISC) https://sites.google.com/view/syzscope/kasan-slab-out-of-bounds-read-in-hci_extended_inquiry_result_evt - (MISC) https://sites.google.com/view/syzscope/kasan-slab-out-of-bounds-read-in-hci_extended_inquiry_result_evt - Exploit, Patch, Third Party Advisory
References (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.1 - (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.1 - Mailing List, Patch, Release Notes, Vendor Advisory
References (MISC) https://syzkaller.appspot.com/text?tag=ReproC&x=15ca2f46900000 - (MISC) https://syzkaller.appspot.com/text?tag=ReproC&x=15ca2f46900000 - Third Party Advisory
References (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51c19bf3d5cfaa66571e4b88ba2a6f6295311101 - (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51c19bf3d5cfaa66571e4b88ba2a6f6295311101 - Patch, Vendor Advisory
References (MISC) https://syzkaller.appspot.com/bug?id=4bf11aa05c4ca51ce0df86e500fce486552dc8d2 - (MISC) https://syzkaller.appspot.com/bug?id=4bf11aa05c4ca51ce0df86e500fce486552dc8d2 - Exploit, Third Party Advisory
CWE CWE-125
CVSS v2 : unknown
v3 : unknown
v2 : 4.9
v3 : 5.5
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

07 Jun 2021, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-06-07 20:15

Updated : 2023-12-10 13:55


NVD link : CVE-2020-36386

Mitre link : CVE-2020-36386

CVE.ORG link : CVE-2020-36386


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-125

Out-of-bounds Read