CVE-2020-36557
PUBLISHED
A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.
Risk Scores
EPSS Score: 0.02% (7.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | linux-aws-hwe | 4.15.0-1039.41~16.04.1, 4.15.0-1036.38~16.04.1, 4.15.0-1035.37~16.04.1 |
| Ubuntu:Pro:14.04:LTS | linux-aws | 4.4.0-1044.47, 4.4.0-1045.48, 4.4.0-1046.50 |
| Ubuntu:18.04:LTS | linux-oracle | 4.15.0-1013.15, 4.15.0-1037.41, 4.15.0-1035.39 |
| Ubuntu:16.04:LTS | linux-hwe-edge | 4.15.0-15.16~16.04.1, 4.15.0-20.21~16.04.1, 4.15.0-23.25~16.04.1 |
| Ubuntu:20.04:LTS | linux-raspi2 | 5.3.0-1014.16, 5.3.0-1007.8, 0 |
| Ubuntu:20.04:LTS | linux-oem-5.13 | 5.13.0-1010.11, 5.13.0-1026.32, 5.13.0-1020.24 |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-fips | 4.15.0-1027.32, 0 |
| Ubuntu:16.04:LTS | linux-azure | 4.15.0-1067.72, 0, 4.15.0-1066.71 |
| Ubuntu:20.04:LTS | linux-oracle-5.13 | 5.13.0-1021.26~20.04.1, 5.13.0-1018.22~20.04.1, 5.13.0-1015.19~20.04.1 |
| Ubuntu:Pro:14.04:LTS | linux-azure | 4.15.0-1052.57~14.04.1, 4.15.0-1050.55~14.04.1, 4.15.0-1049.54~14.04.1 |
| Ubuntu:20.04:LTS | linux-oem-5.6 | 5.6.0-1013.13, 5.6.0-1036.39, 5.6.0-1007.7 |
| Ubuntu:20.04:LTS | linux-gcp-5.11 | 5.11.0-1022.24~20.04.1, 5.11.0-1024.26~20.04.1, 5.11.0-1023.25~20.04.1 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-aws-fips | 4.15.0-2000.4, 0 |
| Ubuntu:18.04:LTS | linux-gkeop-5.4 | 5.4.0-1048.51~18.04.1, 0, 5.4.0-1001.1 |
| Ubuntu:20.04:LTS | linux-oracle-5.8 | 5.8.0-1031.32~20.04.2, 5.8.0-1033.34~20.04.1, * |
| Ubuntu:20.04:LTS | linux-azure-5.8 | 0, 5.8.0-1040.43~20.04.1, 5.8.0-1039.42~20.04.1 |
| Ubuntu:16.04:LTS | linux-oracle | *, 4.15.0-1007.9~16.04.1, 0 |
| Ubuntu:20.04:LTS | linux-oracle-5.11 | 5.11.0-1013.14~20.04.1, 5.11.0-1016.17~20.04.1, 5.11.0-1008.8~20.04.1 |
| Ubuntu:18.04:LTS | linux-hwe-edge | 5.0.0-17.18~18.04.1, *, 5.3.0-24.26~18.04.2 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-azure-fips | 0, 4.15.0-1002.2 |
…and 49 more
Exploit Intelligence
- CVE-2022-32250.yara (github-yara)
Timeline
- Jul 20, 2022 CVE Published
- Jul 21, 2022 EPSS Score
- Jul 28, 2022 CVE Updated
- Sep 6, 2022 EPSS Score
- Oct 23, 2022 EPSS Score
- Dec 9, 2022 EPSS Score
- Jan 24, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 12, 2023 EPSS Score
- Apr 28, 2023 EPSS Score
- Jun 14, 2023 EPSS Score
- Jul 31, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-36557 third-party-advisory
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.2 third-party-advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca4463bf8438b403596edd0ec961ca0d4fbe0220 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-36557 third-party-advisory