CVE-2020-14381

HIGH

Linux Kernel < 5.6 - Use-After-Free in Futex Implementation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-14381. PoCs published by nanopathi.

AI-analyzed exploit summary The repository contains documentation files from a Linux kernel version 4.19.72, specifically related to CVE-2020-14381. No exploit code or proof-of-concept is present; only documentation and configuration files are included.

Description

A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Exploits (1)

nomisec WRITEUP
by nanopathi · poc
https://github.com/nanopathi/linux-4.19.72_CVE-2020-14381

The repository contains documentation files from a Linux kernel version 4.19.72, specifically related to CVE-2020-14381. No exploit code or proof-of-concept is present; only documentation and configuration files are included.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Linux kernel 4.19.72
No auth needed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1874311

Scores

CVSS v3 7.8
EPSS 0.0083
EPSS Percentile 52.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (2)
linux/linux_kernel 5.6 (6 CPE variants)
linux/linux_kernel < 5.6
Published Dec 03, 2020
Tracked Since Feb 18, 2026