CVE-2020-14356

HIGH

Linux Kernel < 4.9.231 - NULL Pointer Dereference

Title source: rule
STIX 2.1

Description

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.

Exploits (1)

nomisec WRITEUP
by ShaikUsaf · poc
https://github.com/ShaikUsaf/linux-4.19.72_CVE-2020-14356

References (12)

Core 12
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1868453
Exploit, Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.kernel.org/show_bug.cgi?id=208003
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200904-0002/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4484-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4483-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4526-1/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

Scores

CVSS v3 7.8
EPSS 0.0076
EPSS Percentile 73.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-476
Status published
Products (14)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 20.04
debian/debian_linux 9.0
linux/linux_kernel 4.5 - 4.9.231
netapp/active_iq_unified_manager
netapp/cloud_backup
netapp/hci_management_node
netapp/solidfire
... and 4 more
Published Aug 19, 2020
Tracked Since Feb 18, 2026