NVD Vulnerability Detail

CVE-2020-36322

Summary	An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
Publication Date	April 14, 2021, 3:15 p.m.
Registration Date	April 14, 2021, 8:01 p.m.
Last Update	Nov. 21, 2024, 2:29 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::					5.10.6

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:starwindsoftware:starwind_virtual_san:8:14338::::::

Related information, measures and tools

No	URL	タグ
1	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.6	Release Notes Vendor Advisory
2	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.6	Release Notes Vendor Advisory
3	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d069dbe8aaf2a197142558b6fb2978189ba3454	Patch Vendor Advisory
4	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d069dbe8aaf2a197142558b6fb2978189ba3454	Patch Vendor Advisory
5	https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html	Mailing List Third Party Advisory
6	https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html	Mailing List Third Party Advisory
7	https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html	Mailing List Third Party Advisory
8	https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html	Mailing List Third Party Advisory
9	https://www.debian.org/security/2022/dsa-5096	Third Party Advisory
10	https://www.debian.org/security/2022/dsa-5096	Third Party Advisory
11	https://www.starwindsoftware.com/security/sw-20220816-0001/	Third Party Advisory
12	https://www.starwindsoftware.com/security/sw-20220816-0001/	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-459	不完全なクリーンアップ	https://cwe.mitre.org/data/definitions/459.html

JVN Vulnerability Information

Linux Kernel における不完全なクリーンアップに関する脆弱性

Title	Linux Kernel における不完全なクリーンアップに関する脆弱性
Summary	Linux Kernel には、不完全なクリーンアップに関する脆弱性が存在します。ベンダは、本脆弱性を CID-5d069dbe8aaf として公開しています。本脆弱性は、CVE-2021-28950 に対する修正が不完全だったことに起因する脆弱性です。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 10, 2020, midnight
Registration Date	Dec. 20, 2021, 6:15 p.m.
Last Update	Dec. 20, 2021, 6:15 p.m.

Affected System

Linux

Linux Kernel 5.10.6 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-36322	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36322
National Vulnerability Database (NVD)
2	CVE-2020-36322	https://nvd.nist.gov/vuln/detail/CVE-2020-36322

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-459	https://cwe.mitre.org/data/definitions/459.html

ベンダー情報

No	Name	URL
ChangeLog
1	ChangeLog-5.10.6	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.6
Linux Kernel
2	Linux Kernel Archives	http://www.kernel.org
Linux kernel source tree
3	fuse: fix bad inode	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d069dbe8aaf2a197142558b6fb2978189ba3454

Change Log

No	Changed Details	Date of change
1	[2021年12月20日] 掲載	Dec. 20, 2021, 6:15 p.m.