CVE-2020-36694

MEDIUM Year: 2020
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-416
View all →

Vulnerability Description

An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12.

Related Vulnerabilities

CVE-2016-7154

MEDIUM
CVSS:6.7(Medium)

Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain se...

CWE-4162016

CVE-2018-9517

MEDIUM
CVSS:6.7(Medium)

In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need...

CWE-4162018

CVE-2019-19769

MEDIUM
CVSS:6.7(Medium)

In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).

CWE-4162019

CVE-2019-8528

MEDIUM
CVSS:6.7(Medium)

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, i...

CWE-4162019

CVE-2019-9259

MEDIUM
CVSS:6.7(Medium)

In the Bluetooth stack, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is n...

CWE-4162019

CVE-2019-9273

MEDIUM
CVSS:6.7(Medium)

In the Android kernel in the synaptics_dsx_htc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution pri...

CWE-4162019