CVE-2020-36788

HIGH

Linux Kernel 5.4-5.10.73 5.14.12-5.14.* 5.15 - Use-After-Free in Nouveau BO Initialization

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should de-initialize and free the memory. Thus, when nouveau_bo_init() returns an error the gem object has already been released and the memory freed by nouveau_bo_del_ttm().

Scores

CVSS v3 7.8
EPSS 0.0023
EPSS Percentile 13.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (10)
Linux/Linux < 5.4
Linux/Linux 019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - 548f2ff8ea5e0ce767ae3418d1ec5308990be87d
Linux/Linux 019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - bcf34aa5082ee2343574bc3f4d1c126030913e54
Linux/Linux 019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - f86e19d918a85492ad1a01fcdc0ad5ecbdac6f96
Linux/Linux 5.10.73 - 5.10.*
Linux/Linux 5.14.12 - 5.14.*
Linux/Linux 5.15
Linux/Linux 5.4
linux/linux_kernel 5.15 rc1 (4 CPE variants)
linux/linux_kernel 5.4 - 5.10.73
Published May 21, 2024
Tracked Since Feb 18, 2026