PT-2020-6693 · Linux+6 · Linux Kernel+6

Syzbot

·

Published

2020-02-10

·

Updated

2024-04-23

·

CVE-2020-36558

CVSS v2.0

5.4

Medium

VectorAV:N/AC:H/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.5.7
Description A race condition involving VT RESIZEX in the Linux kernel could lead to a NULL pointer dereference and general protection fault. This issue is related to incorrect synchronization when using a shared resource, potentially allowing a remote attacker to cause a denial of service.
Recommendations For Linux kernel versions prior to 5.5.7, update to version 5.5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the VT RESIZEX functionality until a patch is available.

Exploit

Fix

Race Condition

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-476

Related Identifiers

ALSA-2022:7444
ALSA-2022:7683
ALT-PU-2020-1414
ALT-PU-2020-1424
ALT-PU-2020-1638
ALT-PU-2020-1646
ALT-PU-2020-1714
ALT-PU-2020-2164
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
BDU:2022-04742
CESA-2022_7444
CESA-2022_7683
CVE-2020-36558
OPENSUSE-SU-2022_2741-1
OPENSUSE-SU-2022_2827-1
OPENSUSE-SU-2022_2875-1
RHSA-2022:7444
RHSA-2022:7683
RHSA-2022_7444
RHSA-2022_7683
RHSA-2023:5627
RHSA-2024:2003
RHSA-2024:2004
RHSA-2024_2003
RHSA-2024_2004
RLSA-2022:7444
RLSA-2022:7683
SUSE-SU-2022:2719-1
SUSE-SU-2022:2720-1
SUSE-SU-2022:2721-1
SUSE-SU-2022:2723-1
SUSE-SU-2022:2741-1
SUSE-SU-2022:2809-1
SUSE-SU-2022:2827-1
SUSE-SU-2022:2840-1
SUSE-SU-2022:2875-1
SUSE-SU-2022:2875-2
SUSE-SU-2022:2892-1
SUSE-SU-2022:2892-2
SUSE-SU-2022:2910-1
SUSE-SU-2022:3274-1
SUSE-SU-2022:4027-1
SUSE-SU-2022:4129-1
SUSE-SU-2023:0416-1

Affected Products

Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat
Rocky Linux
Suse