CVE-2020-14356

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.7.10

Description The issue is related to a null pointer dereference in the cgroupv2 subsystem of the Linux kernel. This could allow an attacker to cause a denial of service or escalate their privileges. A local user can exploit this issue to crash the system or gain elevated privileges.

Recommendations For Linux kernel versions prior to 5.7.10, update to version 5.7.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the cgroupv2 subsystem to minimize the risk of exploitation.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2021:1578

ALT-PU-2020-2448

ALT-PU-2020-2449

ALT-PU-2020-2483

ALT-PU-2020-2494

ALT-PU-2020-2510

ALT-PU-2020-2511

ALT-PU-2020-2687

ALT-PU-2020-2696

ALT-PU-2020-2708

ALT-PU-2020-2716

ALT-PU-2020-3454

ALT-PU-2021-1105

ALT-PU-2021-1531

ALT-PU-2021-1840

BDU:2021-03189

CESA-2021_1578

CESA-2021_1739

CVE-2020-14356

DLA-2385-1

DLA-2420-1

DLA-2420-2

OPENSUSE-SU-2020:1236-1

OPENSUSE-SU-2020:1325-1

OPENSUSE-SU-2020_1236-1

OPENSUSE-SU-2020_1325-1

OPENSUSE-SU-2021:0242-1

OPENSUSE-SU-2021_0242-1

RHSA-2021:1578

RHSA-2021:1739

RHSA-2021_1578

RHSA-2021_1739

SUSE-SU-2020:2485-1

SUSE-SU-2020:2486-1

SUSE-SU-2020:2540-1

SUSE-SU-2020:2541-1

SUSE-SU-2020:2574-1

SUSE-SU-2020:2575-1

SUSE-SU-2020:2605-1

SUSE-SU-2020:2610-1

SUSE-SU-2020:2623-1

SUSE-SU-2020:2631-1

USN-4483-1

USN-4484-1

USN-4526-1

Affected Products

Alt Linux

Almalinux

Centos

Linuxmint

Linux Kernel

Red Hat

Suse

Ubuntu

CVE-2020-14356

Weakness Enumeration

Related Identifiers

Affected Products

References · 1055