CVE-2020-14381

HIGH

Linux Kernel < 5.6 - Use After Free

Title source: rule

Description

A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Exploits (1)

nomisec WRITEUP

by nanopathi · poc

https://github.com/nanopathi/linux-4.19.72_CVE-2020-14381

View Code ZIP pw:eip

References (2)

Core 2

Core References

Issue Tracking, Patch, Third Party Advisory x_refsource_misc

https://bugzilla.redhat.com/show_bug.cgi?id=1874311

Mailing List, Patch, Vendor Advisory x_refsource_misc

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254

Scores

CVSS v3 7.8

EPSS 0.0064

EPSS Percentile 70.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (2)

linux/linux_kernel 5.6 (6 CPE variants)

linux/linux_kernel < 5.6

Published Dec 03, 2020

Tracked Since Feb 18, 2026