CVE-2020-36557
kernel: race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys, causing a use-after-free in con_shutdown().
Public Exploits: 0
Exploited in Wild: -
Descriptions
A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.
A race condition in the Linux kernel, in versions before 5.6.2, between the VT_DISALLOCATE ioctl and the closing/opening of ttys could lead to a use of previously freed memory.
A use-after-free flaw was found in the Linux kernel’s Virtual Terminal subsystem in how a user calls the VT_DISALLOCATE ioctl during the closing/opening of ttys. This flaw allows a local user to crash the system.
An update that solves 18 vulnerabilities, contains one feature and has 18 fixes is now available. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bug fixes.
SSVC
- Decision: -
Timeline
- 2022-07-21 CVE Reserved
- 2022-07-21 CVE Published
- 2024-08-04 CVE Updated
- 2025-04-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-416: Use After Free
References (4)
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2020-36557 | 2021-05-18 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2112688 | 2021-05-18 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | < 5.6.2 | - | Affected |