CVE-2020-14356 — HIGH (7.8)

Q: How severe is CVE-2020-14356?

CVE-2020-14356 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-14356?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Opensuse Leap, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 4.5, < 4.9.231
Redhat	Enterprise Linux	8.0
Opensuse	Leap	15.1
Debian	Debian Linux	9.0
Canonical	Ubuntu Linux	14.04
Netapp	Active Iq Unified Manager	-
Netapp	Cloud Backup	-
Netapp	Hci Management Node	-
Netapp	Solidfire	-
Netapp	Solidfire Baseboard Management Controller Firmware	-
Netapp	Solidfire Baseboard Management Controller	-

Related Weaknesses (CWE)

CWE-476

References

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.htmlMailing ListThird Party Advisory
https://bugzilla.kernel.org/show_bug.cgi?id=208003ExploitIssue TrackingVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1868453Issue TrackingPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.htmlMailing ListThird Party Advisory
https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6ExploitVendor Advisory
https://security.netapp.com/advisory/ntap-20200904-0002/Third Party Advisory
https://usn.ubuntu.com/4483-1/Third Party Advisory
https://usn.ubuntu.com/4484-1/Third Party Advisory
https://usn.ubuntu.com/4526-1/Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.htmlMailing ListThird Party Advisory
https://bugzilla.kernel.org/show_bug.cgi?id=208003ExploitIssue TrackingVendor Advisory

FAQ

What is CVE-2020-14356?

CVE-2020-14356 is a vulnerability with a CVSS score of 7.8 (HIGH). A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or es...

How severe is CVE-2020-14356?

CVE-2020-14356 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-14356?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Opensuse Leap, Debian Debian Linux, Canonical Ubuntu Linux.