CVE-2020-12464
kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c
Severity Score
6.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.
a función usb_sg_cancel en el archivo drivers/usb/core/message.c en el kernel de Linux versiones anteriores a la versión 5.6.8, tiene un uso de la memoria previamente liberada porque se produce una transferencia sin una referencia, también se conoce como CID-056ad39ee925.
A use-after-free flaw was found in usb_sg_cancel in drivers/usb/core/message.c in the USB core subsystem. This flaw allows a local attacker with a special user or root privileges to crash the system due to a race problem in the scatter-gather cancellation and transfer completion in usb_sg_wait. This vulnerability can also lead to a leak of internal kernel information.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-04-29 CVE Reserved
- 2020-04-29 CVE Published
- 2024-06-24 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (19)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20200608-0001 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://lkml.org/lkml/2020/3/23/52 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html | 2023-10-12 | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8 | 2023-10-12 | |
| https://usn.ubuntu.com/4387-1 | 2023-10-12 | |
| https://usn.ubuntu.com/4388-1 | 2023-10-12 | |
| https://usn.ubuntu.com/4389-1 | 2023-10-12 | |
| https://usn.ubuntu.com/4390-1 | 2023-10-12 | |
| https://usn.ubuntu.com/4391-1 | 2023-10-12 | |
| https://www.debian.org/security/2020/dsa-4698 | 2023-10-12 | |
| https://www.debian.org/security/2020/dsa-4699 | 2023-10-12 | |
| https://access.redhat.com/security/cve/CVE-2020-12464 | 2021-05-18 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1831726 | 2021-05-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 3.16.85 Search vendor "Linux" for product "Linux Kernel" and version " < 3.16.85" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 4.4.221 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 4.4.221" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.221 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.221" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.14.178 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.14.178" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 4.19.119 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.119" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.20 < 5.4.36 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.4.36" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.5 < 5.6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.6.8" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h300s Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h300s" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h410c Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h410c" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h410s Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h410s" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h500s Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h500s" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h610c Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h610c" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h610s Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h610s" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h615c Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h615c" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h700s Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h700s" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Storage Nodes Search vendor "Netapp" for product "Hci Storage Nodes" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire \& Hci Storage Node Search vendor "Netapp" for product "Solidfire \& Hci Storage Node" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Aff A700s Search vendor "Netapp" for product "Aff A700s" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Compute Node Search vendor "Netapp" for product "Hci Compute Node" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire Baseboard Management Controller Search vendor "Netapp" for product "Solidfire Baseboard Management Controller" | - | - |
Affected
| ||||||