PT-2021-7780 · Linux+6 · Linux Kernel+6

Syzbot · Published 2020-12-18 · Updated 2026-03-14 · CVE-2020-36694

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.10

Description

An issue in the Linux kernel's netfilter component can cause a use-after-free in the packet processing context due to mishandled per-CPU sequence counts during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace, potentially affecting the confidentiality, integrity, and availability of protected information.

Recommendations

For Linux kernel versions prior to 5.10, update to version 5.10 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

Exploit

Fix

Race Condition

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3536
ALT-PU-2020-3553
ALT-PU-2020-3571
ALT-PU-2021-1083
ALT-PU-2021-1105
ALT-PU-2021-1446
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
BDU:2023-02799
CESA-2021_1578
CESA-2021_1739
CVE-2020-36694
ECHO-0CC9-DDA8-D360
OESA-2023-1303
RHSA-2021:1578
RHSA-2021:1739
RHSA-2021_1578
RHSA-2021_1739
SUSE-SU-2023:2502-1
SUSE-SU-2023:2611-1
SUSE-SU-2023:2651-1

Affected Products

Alt Linux
Astra Linux
CentOS
Debian
Linux Kernel
Red Hat
SUSE