CVE-2020-36788

Published: May 21, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should de-initialize and free the memory. Thus, when nouveau_bo_init() returns an error the gem object has already been released and the memory freed by nouveau_bo_del_ttm().

Vendor	Product	Versions
Linux	Linux	affected `019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - < f86e19d918a85492ad1a01fcdc0ad5ecbdac6f96` affected `019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - < 548f2ff8ea5e0ce767ae3418d1ec5308990be87d` affected `019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - < bcf34aa5082ee2343574bc3f4d1c126030913e54`
Linux	Linux	affected `5.4` unaffected `0 - < 5.4` unaffected `5.10.73 - <= 5.10.` unaffected `5.14.12 - <= 5.14.` unaffected `5.15 - <= *`

References

https://git.kernel.org/stable/c/f86e19d918a85492ad1a01fcdc0ad5ecbdac6f96

https://git.kernel.org/stable/c/548f2ff8ea5e0ce767ae3418d1ec5308990be87d

https://git.kernel.org/stable/c/bcf34aa5082ee2343574bc3f4d1c126030913e54

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-36788

Description

Affected Products

References