CVE-2020-36788
HIGHLinux Kernel 5.4-5.10.73 5.14.12-5.14.* 5.15 - Use-After-Free in Nouveau BO Initialization
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should de-initialize and free the memory. Thus, when nouveau_bo_init() returns an error the gem object has already been released and the memory freed by nouveau_bo_del_ttm().
References (3)
Core 3
Scores
CVSS v3
7.8
EPSS
0.0023
EPSS Percentile
13.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-416
Status
published
Products (10)
Linux/Linux
< 5.4
Linux/Linux
019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - 548f2ff8ea5e0ce767ae3418d1ec5308990be87d
Linux/Linux
019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - bcf34aa5082ee2343574bc3f4d1c126030913e54
Linux/Linux
019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - f86e19d918a85492ad1a01fcdc0ad5ecbdac6f96
Linux/Linux
5.10.73 - 5.10.*
Linux/Linux
5.14.12 - 5.14.*
Linux/Linux
5.15
Linux/Linux
5.4
linux/linux_kernel
5.15 rc1 (4 CPE variants)
linux/linux_kernel
5.4 - 5.10.73
Published
May 21, 2024
Tracked Since
Feb 18, 2026