CVE-2020-12464

usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8 Release Notes Vendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b Patch Vendor Advisory
https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html Third Party Advisory
https://lkml.org/lkml/2020/3/23/52 Exploit Vendor Advisory
https://patchwork.kernel.org/patch/11463781/ Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20200608-0001/ Third Party Advisory
https://usn.ubuntu.com/4387-1/ Third Party Advisory
https://usn.ubuntu.com/4388-1/ Third Party Advisory
https://usn.ubuntu.com/4389-1/ Third Party Advisory
https://usn.ubuntu.com/4390-1/ Third Party Advisory
https://usn.ubuntu.com/4391-1/ Third Party Advisory VDB Entry
https://www.debian.org/security/2020/dsa-4698 Third Party Advisory VDB Entry
https://www.debian.org/security/2020/dsa-4699 Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8 Release Notes Vendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b Patch Vendor Advisory
https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html Third Party Advisory
https://lkml.org/lkml/2020/3/23/52 Exploit Vendor Advisory
https://patchwork.kernel.org/patch/11463781/ Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20200608-0001/ Third Party Advisory
https://usn.ubuntu.com/4387-1/ Third Party Advisory
https://usn.ubuntu.com/4388-1/ Third Party Advisory
https://usn.ubuntu.com/4389-1/ Third Party Advisory
https://usn.ubuntu.com/4390-1/ Third Party Advisory
https://usn.ubuntu.com/4391-1/ Third Party Advisory VDB Entry
https://www.debian.org/security/2020/dsa-4698 Third Party Advisory VDB Entry
https://www.debian.org/security/2020/dsa-4699 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_storage_nodes:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:59

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html - Third Party Advisory
References () https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8 - Release Notes, Vendor Advisory () https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8 - Release Notes, Vendor Advisory
References () https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b - Patch, Vendor Advisory () https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b - Patch, Vendor Advisory
References () https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b - Patch, Third Party Advisory () https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b - Patch, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html - Third Party Advisory () https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html - Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html - Third Party Advisory () https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html - Third Party Advisory
References () https://lkml.org/lkml/2020/3/23/52 - Exploit, Vendor Advisory () https://lkml.org/lkml/2020/3/23/52 - Exploit, Vendor Advisory
References () https://patchwork.kernel.org/patch/11463781/ - Patch, Vendor Advisory () https://patchwork.kernel.org/patch/11463781/ - Patch, Vendor Advisory
References () https://security.netapp.com/advisory/ntap-20200608-0001/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20200608-0001/ - Third Party Advisory
References () https://usn.ubuntu.com/4387-1/ - Third Party Advisory () https://usn.ubuntu.com/4387-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4388-1/ - Third Party Advisory () https://usn.ubuntu.com/4388-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4389-1/ - Third Party Advisory () https://usn.ubuntu.com/4389-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4390-1/ - Third Party Advisory () https://usn.ubuntu.com/4390-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4391-1/ - Third Party Advisory, VDB Entry () https://usn.ubuntu.com/4391-1/ - Third Party Advisory, VDB Entry
References () https://www.debian.org/security/2020/dsa-4698 - Third Party Advisory, VDB Entry () https://www.debian.org/security/2020/dsa-4698 - Third Party Advisory, VDB Entry
References () https://www.debian.org/security/2020/dsa-4699 - Third Party Advisory, VDB Entry () https://www.debian.org/security/2020/dsa-4699 - Third Party Advisory, VDB Entry

12 Oct 2023, 14:10

Type Values Removed Values Added
CPE cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_storage_nodes:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html - Mailing List, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20200608-0001/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20200608-0001/ - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html - Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4391-1/ - (UBUNTU) https://usn.ubuntu.com/4391-1/ - Third Party Advisory, VDB Entry
References (DEBIAN) https://www.debian.org/security/2020/dsa-4698 - (DEBIAN) https://www.debian.org/security/2020/dsa-4698 - Third Party Advisory, VDB Entry
References (UBUNTU) https://usn.ubuntu.com/4388-1/ - (UBUNTU) https://usn.ubuntu.com/4388-1/ - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html - Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4389-1/ - (UBUNTU) https://usn.ubuntu.com/4389-1/ - Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4387-1/ - (UBUNTU) https://usn.ubuntu.com/4387-1/ - Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2020/dsa-4699 - (DEBIAN) https://www.debian.org/security/2020/dsa-4699 - Third Party Advisory, VDB Entry
References (UBUNTU) https://usn.ubuntu.com/4390-1/ - (UBUNTU) https://usn.ubuntu.com/4390-1/ - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html - Third Party Advisory
First Time Netapp hci Compute Node
Netapp solidfire \& Hci Storage Node
Netapp aff A700s
Netapp hci Baseboard Management Controller
Netapp
Netapp cloud Backup
Netapp solidfire Baseboard Management Controller
Netapp hci Storage Nodes
Netapp steelstore Cloud Integrated Storage
Netapp active Iq Unified Manager

Information

Published : 2020-04-29 18:15

Updated : 2024-11-21 04:59


NVD link : CVE-2020-12464

Mitre link : CVE-2020-12464

CVE.ORG link : CVE-2020-12464


JSON object : View

Products Affected

netapp

  • cloud_backup
  • aff_a700s
  • solidfire_baseboard_management_controller
  • hci_compute_node
  • steelstore_cloud_integrated_storage
  • hci_storage_nodes
  • solidfire_\&_hci_storage_node
  • hci_baseboard_management_controller
  • active_iq_unified_manager

linux

  • linux_kernel
CWE
CWE-416

Use After Free