CVE-2020-36785
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved:
media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs()
The "s3a_buf" is freed along with all the other items on the "asd->s3a_stats" list. It leads to a double free and a use after free.
Risk Scores
EPSS Score: 0.04% (11.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | linux-oem-6.1 | 6.1.0-1026.26, 6.1.0-1027.27, 6.1.0-1029.29 |
| Ubuntu:22.04:LTS | linux-allwinner-5.19 | 0, 5.19.0-1013.13~22.04.1, 5.19.0-1012.12~22.04.1 |
| Ubuntu:20.04:LTS | linux-gke-5.15 | 5.15.0-1037.42~20.04.1, 5.15.0-1036.41~20.04.1, 0 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1064.73, 0, 4.15.0-1002.3 |
| Ubuntu:20.04:LTS | linux-gcp-5.13 | 5.13.0-1033.40~20.04.1, 5.13.0-1023.28~20.04.1, * |
| Ubuntu:22.04:LTS | linux-azure-6.2 | *, 6.2.0-1018.18~22.04.1, 6.2.0-1006.6~22.04.1 |
| Ubuntu:20.04:LTS | linux-riscv-5.11 | 5.11.0-1028.31~20.04.1, 0, 5.11.0-1018.19~20.04.2 |
| Ubuntu:18.04:LTS | linux-hwe-edge | 5.3.0-22.24~18.04.1, 5.3.0-23.25~18.04.1, 5.3.0-23.25~18.04.2 |
| Ubuntu:22.04:LTS | linux-azure-fde-5.19 | 5.19.0-1027.30~22.04.2.1, 5.19.0-1025.28~22.04.1.1, 0 |
| Ubuntu:22.04:LTS | linux-aws-6.2 | *, 6.2.0-1005.5~22.04.1, 6.2.0-1007.7~22.04.1 |
| Ubuntu:20.04:LTS | linux-raspi2 | 5.3.0-1007.8, 5.3.0-1014.16, 5.3.0-1015.17 |
| Ubuntu:22.04:LTS | linux-riscv-5.19 | 5.19.0-1015.16~22.04.1, 5.19.0-1012.13~22.04.1, 0 |
| Ubuntu:20.04:LTS | linux-azure-5.11 | 5.11.0-1028.31~20.04.2, 5.11.0-1007.7~20.04.2, 5.11.0-1012.13~20.04.1 |
| Ubuntu:20.04:LTS | linux-oem-5.13 | 5.13.0-1012.16, 5.13.0-1019.23, 5.13.0-1020.24 |
| Ubuntu:20.04:LTS | linux-hwe-5.8 | 5.8.0-38.43~20.04.1, 5.8.0-34.37~20.04.2, 5.8.0-33.36~20.04.1 |
| Ubuntu:22.04:LTS | linux-riscv | 5.15.0-1019.22, 5.15.0-1020.23, 5.15.0-1022.26 |
| Ubuntu:18.04:LTS | linux-azure-5.3 | 5.3.0-1019.20~18.04.1, 5.3.0-1035.36, 5.3.0-1034.35~18.04.1 |
| Ubuntu:22.04:LTS | linux-azure-5.19 | *, 0, 5.19.0-1022.23~22.04.1 |
| Ubuntu:20.04:LTS | linux-azure-5.8 | 5.8.0-1041.44~20.04.1, 5.8.0-1042.45~20.04.1, * |
| Ubuntu:20.04:LTS | linux-gke | 5.4.0-1042.44, 5.4.0-1041.43, 5.4.0-1039.41 |
…and 44 more
Exploit Intelligence
- https://git.kernel.org/stable/c/d218c7a0284f6b92a7b82d2e19706e18663b4193 (circl)
- https://git.kernel.org/stable/c/801c1d505894008c888bc71d08d5cff5d87f8aba (circl)
- https://git.kernel.org/stable/c/8267ccd7b9df7ab682043507dd682fe0621cf045 (circl)
- https://git.kernel.org/stable/c/ba11bbf303fafb33989e95473e409f6ab412b18d (circl)
Timeline
- Feb 28, 2024 CVE Published
- Feb 29, 2024 EPSS Score
- Mar 27, 2024 EPSS Score
- Apr 22, 2024 EPSS Score
- May 19, 2024 EPSS Score
- Jun 14, 2024 EPSS Score
- Jul 11, 2024 EPSS Score
- Aug 7, 2024 EPSS Score
- Sep 2, 2024 EPSS Score
- Sep 29, 2024 EPSS Score
- Oct 25, 2024 EPSS Score
- Nov 21, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-36785 third-party-advisory
- https://git.kernel.org/linus/ba11bbf303fafb33989e95473e409f6ab412b18d third-party-advisory
- https://git.kernel.org/stable/c/d218c7a0284f6b92a7b82d2e19706e18663b4193 third-party-advisory
- https://git.kernel.org/stable/c/801c1d505894008c888bc71d08d5cff5d87f8aba third-party-advisory
- https://git.kernel.org/stable/c/8267ccd7b9df7ab682043507dd682fe0621cf045 third-party-advisory
- https://git.kernel.org/stable/c/ba11bbf303fafb33989e95473e409f6ab412b18d third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-36785 third-party-advisory