CVE-2020-15436

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.8

Description The issue is related to a use-after-free vulnerability in the fs/block dev.c file of the Linux kernel. This vulnerability can be exploited by local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. The vulnerability is due to a memory corruption issue in the blkdev get function of block dev.c, which can lead to local escalation of privilege without requiring additional execution privileges. User interaction is not needed for exploitation.

Recommendations For Linux kernel versions prior to 5.8, update to version 5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable fs/block dev.c file until a patch is available. Avoid using the blkdev get function in the affected block dev.c file until the issue is resolved. At the moment, there is no information about additional mitigation measures for this vulnerability.