Out-of-bounds Read Affecting perf package, versions <0:4.18.0-348.el8
Threat Intelligence
EPSS
0.08% (36th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL8-PERF-4119766
- published 26 Jul 2021
- disclosed 10 Jul 2020
Introduced: 10 Jul 2020
CVE-2020-36386 Open this link in a new tabHow to fix?
Upgrade RHEL:8
perf
to version 0:4.18.0-348.el8 or higher.
This issue was patched in RHSA-2021:4356
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream perf
package and not the perf
package as distributed by RHEL
.
See How to fix?
for RHEL:8
relevant fixed versions and status.
An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.
References
- https://access.redhat.com/security/cve/CVE-2020-36386
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.1
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51c19bf3d5cfaa66571e4b88ba2a6f6295311101
- https://sites.google.com/view/syzscope/kasan-slab-out-of-bounds-read-in-hci_extended_inquiry_result_evt
- https://syzkaller.appspot.com/bug?id=4bf11aa05c4ca51ce0df86e500fce486552dc8d2
- https://syzkaller.appspot.com/text?tag=ReproC&x=15ca2f46900000
- https://access.redhat.com/errata/RHSA-2021:4356
CVSS Scores
version 3.1