CVE-2020-14356

CVE	CVE-2020-14356
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-08-19 15:15:00 UTC
Updated	2023-02-24 18:42:00 UTC
Description	A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.

Problem Types: CWE-476

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	20.04	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Application	Netapp	Cloud Backup	-	All	All	All
Application	Netapp	Hci Management Node	-	All	All	All
Application	Netapp	Solidfire	-	All	All	All
Hardware	Netapp	Solidfire Baseboard Management Controller	-	All	All	All
Operating System	Netapp	Solidfire Baseboard Management Controller Firmware	-	All	All	All
Operating System	Opensuse	Leap	15.1	All	All	All
Operating System	Opensuse	Leap	15.2	All	All	All
Operating System	Opensuse	Leap	15.2	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All

Reference	Source	Link	Tags
[security-announce] openSUSE-SU-2020:1325-1: important: Security update	SUSE	lists.opensuse.org
USN-4484-1: Linux kernel vulnerability \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com
[SECURITY] [DLA 2420-2] linux regression update	MLIST	lists.debian.org
USN-4483-1: Linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com
USN-4526-1: Linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com
208003 – kernel panic RIP: 0010:__cgroup_bpf_run_filter_skb+0xd9/0x230	MISC	bugzilla.kernel.org	Exploit, Issue Tracking, Vendor Advisory
CVE-2020-14356 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
[SECURITY] [DLA 2385-1] linux-4.19 security update	MLIST	lists.debian.org
BUG: kernel NULL pointer dereference in __cgroup_bpf_run_filter_skb	MISC	lore.kernel.org	Exploit, Vendor Advisory
[security-announce] openSUSE-SU-2020:1236-1: important: Security update	SUSE	lists.opensuse.org	Third Party Advisory
[SECURITY] [DLA 2420-1] linux security update	MLIST	lists.debian.org
1868453 – (CVE-2020-14356) CVE-2020-14356 kernel: Use After Free vulnerability in cgroup BPF component	MISC	bugzilla.redhat.com	Issue Tracking, Patch, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

159185 Oracle Enterprise Linux Security Update for kernel (ELSA-2021-1578)
239314 Red Hat Update for kernel-rt (RHSA-2021:1739)
239339 Red Hat Update for kernel (RHSA-2021:1578)
353100 Amazon Linux Security Advisory for kernel : ALAC2012-2021-024
353101 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2021-025
353102 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2021-026
670514 EulerOS Security Update for kernel (EulerOS-SA-2021-2272)
730227 McAfee Web Gateway Multiple Vulnerabilities (WP-3426, WP-3427, WP-3307, WP-3444, WP-3452, WP-3475)
750376 OpenSUSE Security Update for RT kernel (openSUSE-SU-2021:0242-1)
900076 CBL-Mariner Linux Security Update for kernel 5.4.91
902983 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3453)
906147 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3453-1)
940354 AlmaLinux Security Update for kernel (ALSA-2021:1578)