CVE-2020-12464

MEDIUM

Linux kernel <5.6.8 - Use After Free

Title source: llm

Description

usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.

References (17)

Core 17

Core References

Patch, Vendor Advisory x_refsource_misc

https://patchwork.kernel.org/patch/11463781/

Exploit, Vendor Advisory x_refsource_misc

https://lkml.org/lkml/2020/3/23/52

Patch, Third Party Advisory x_refsource_misc

https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b

View Patch ZIP pw:eip

Patch, Vendor Advisory x_refsource_misc

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b

Release Notes, Vendor Advisory x_refsource_misc

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20200608-0001/

Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html

Third Party Advisory, VDB Entry vendor-advisory x_refsource_debian

https://www.debian.org/security/2020/dsa-4698

Third Party Advisory, VDB Entry vendor-advisory x_refsource_debian

https://www.debian.org/security/2020/dsa-4699

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4388-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4389-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4387-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4390-1/

Third Party Advisory, VDB Entry vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4391-1/

Scores

CVSS v3 6.7

EPSS 0.0008

EPSS Percentile 22.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (17)

linux/linux_kernel < 3.16.85

netapp/active_iq_unified_manager

netapp/aff_a700s

netapp/cloud_backup

netapp/hci_baseboard_management_controller h300s

netapp/hci_baseboard_management_controller h410c

netapp/hci_baseboard_management_controller h410s

netapp/hci_baseboard_management_controller h500s

netapp/hci_baseboard_management_controller h610c

netapp/hci_baseboard_management_controller h610s

... and 7 more

Published Apr 29, 2020

Tracked Since Feb 18, 2026