CVE-2020-36322
kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
Se detectó un problema en la implementación del sistema de archivos FUSE en el kernel de Linux versiones anteriores a 510.6, también se conoce como CID-5d069dbe8aaf. La función fuse_do_getattr() llama a la función make_bad_inode() en situaciones inapropiadas, causando un bloqueo del sistema. NOTA: la solución original para esta vulnerabilidad estaba incompleta y su estado incompleto es registrado como CVE-2021-28950
A denial of service flaw was found in fuse_do_getattr in fs/fuse/dir.c in the kernel side of the FUSE filesystem in the Linux kernel. A local user could use this flaw to crash the system.
Red Hat Advanced Cluster Management for Kubernetes 2.3.6 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Issues addressed include an information leakage vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-04-14 CVE Reserved
- 2021-04-14 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-459: Incomplete Cleanup
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html | Mailing List |
|
| https://www.starwindsoftware.com/security/sw-20220816-0001 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d069dbe8aaf2a197142558b6fb2978189ba3454 | 2022-10-14 |
| URL | Date | SRC |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.6 | 2022-10-14 | |
| https://www.debian.org/security/2022/dsa-5096 | 2022-10-14 | |
| https://access.redhat.com/security/cve/CVE-2020-36322 | 2022-01-11 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1949560 | 2022-01-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.10.6 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Starwindsoftware Search vendor "Starwindsoftware" | Starwind Virtual San Search vendor "Starwindsoftware" for product "Starwind Virtual San" | 8 Search vendor "Starwindsoftware" for product "Starwind Virtual San" and version "8" | 14338 |
Affected
| ||||||