An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fusedogetattr() calls makebadinode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
{ "vanir_signatures": [ { "signature_type": "Line", "deprecated": false, "target": { "file": "fs/fuse/acl.c" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-027101b7", "digest": { "line_hashes": [ "74018305042266961981578630896089398804", "311276275642731116064108193786171041048", "238564488313219930779140504458344048945", "102344071471045085940089020606222201266", "84733215006334582628677955717433648043", "70489431107468227500915204450041795287" ], "threshold": 0.9 } }, { "signature_type": "Function", "deprecated": false, "target": { "file": "fs/fuse/xattr.c", "function": "fuse_xattr_get" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-2ca1e7bc", "digest": { "function_hash": "125112341659662387888473201385410004193", "length": 185.0 } }, { "signature_type": "Line", "deprecated": false, "target": { "file": "fs/fuse/file.c" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-33ce1f48", "digest": { "line_hashes": [ "273262102097610898319417944123283076028", "60069448935734084842706574609447082077", "175923011170780398637420006172425976167", "25072558883817997567307375605133368753", "336072951587560772512672287787642550344", "85766476122455348082833072566732079516", "324611710906906221564933631414837230557", "321453705664491214814555954870581856816", "226611636013825492743059537831680113664", "302278061698579105300794127933903448898", "77036497175745109878999168054422354675", "190627128326861398817097657029277594872", "113780123057941915828592686810034518553", "323271693065589588200665307655772158247", "134126705350828785134449161584955985138", "271552679397535494461187485918987541715", "237454604128478952031494486047324901114", "118390397993407891984582525428644525597", "271350657079176202182314064974039313190", "57408762819207151568285728001618283675", "278118476921104808570036718040485246259", "133833030798367159864157082288360227301", "227315002693907702922162927240816672301", "57408762819207151568285728001618283675", "278118476921104808570036718040485246259", "133833030798367159864157082288360227301", "92498249587843759208593036433198312838", "271372632365231065211882856067166153354", "113780123057941915828592686810034518553", "331344381774239775761220489481684400402", "188484115022790685668882346585220727723", "43478648740375649564762307299014701284", "104201508755644428064491324719077577633", "231657734080218264590289946582776192130", "208353297535350625609344417025515065739" ], "threshold": 0.9 } }, { "signature_type": "Function", "deprecated": false, "target": { "file": "fs/fuse/dir.c", "function": "fuse_atomic_open" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-3e287fe8", "digest": { "function_hash": "131656086487245995908687637844943211072", "length": 753.0 } }, { "signature_type": "Function", "deprecated": false, "target": { "file": "fs/fuse/dir.c", "function": "fuse_permission" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-57ac9c15", "digest": { "function_hash": "163952898911382257329067664840039947678", "length": 1052.0 } }, { "signature_type": "Line", "deprecated": false, "target": { "file": "fs/fuse/xattr.c" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-5f80fd14", "digest": { "line_hashes": [ "193605879305259822178014770063036834744", "333793714505464976260806354875925435204", "302165966241651812812294605408402336028", "284716991533642141488172731602505721819", "27145765365378110737449413947872161545", "285906831916383438258162293447282073868", "332474892584111336438916847159404118049", "163885507572478657897607919380718611129", "258954210273288651102502228363036902951", "50181305821831786765057575890852261504", "44800984288947597207498923501963468694" ], "threshold": 0.9 } }, { "signature_type": "Line", "deprecated": false, "target": { "file": "fs/fuse/fuse_i.h" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-651268ee", "digest": { "line_hashes": [ "176271612186001277065957285199215788946", "14747202077759725909257872607965583779", "140388228957603270426688504202509186102", "175710242940290927004964409282266302282", "12717525236772645814209324145775774977", "236676378461676380161947738844029604157", "289341914007163765244547562410315864824" ], "threshold": 0.9 } }, { "signature_type": "Function", "deprecated": false, "target": { "file": "fs/fuse/xattr.c", "function": "fuse_listxattr" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-735c0b4b", "digest": { "function_hash": "128459240267822152664351791086282773928", "length": 1051.0 } }, { "signature_type": "Function", "deprecated": false, "target": { "file": "fs/fuse/dir.c", "function": "fuse_unlink" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-8207a3f0", "digest": { "function_hash": "215775360227015105629409674404626875439", "length": 759.0 } }, { "signature_type": "Function", "deprecated": false, "target": { "file": "fs/fuse/file.c", "function": "fuse_open_common" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-886be938", "digest": { "function_hash": "108767845577480134738381608699483257438", "length": 820.0 } }, { "signature_type": "Function", "deprecated": false, "target": { "file": "fs/fuse/dir.c", "function": "fuse_setattr" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-8b5611b0", "digest": { "function_hash": "330506134526236933797340159291857562387", "length": 1053.0 } }, { "signature_type": "Function", "deprecated": false, "target": { "file": "fs/fuse/xattr.c", "function": "fuse_xattr_set" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-9212ee91", "digest": { "function_hash": "315974781865270964490481335461906654098", "length": 264.0 } }, { "signature_type": "Function", "deprecated": false, "target": { "file": "fs/fuse/dir.c", "function": "fuse_rmdir" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-9ee85887", "digest": { "function_hash": "126584471280842058703172457426413326936", "length": 518.0 } }, { "signature_type": "Function", "deprecated": false, "target": { "file": "fs/fuse/dir.c", "function": "fuse_lookup" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-a0b0f226", "digest": { "function_hash": "20730889260397843385182739651283743867", "length": 769.0 } }, { "signature_type": "Function", "deprecated": false, "target": { "file": "fs/fuse/dir.c", "function": "fuse_getattr" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-a18fc652", "digest": { "function_hash": "36843919887790438554026885664151240580", "length": 380.0 } }, { "signature_type": "Function", "deprecated": false, "target": { "file": "fs/fuse/dir.c", "function": "create_new_entry" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-cc5f66ff", "digest": { "function_hash": "211036357659700116752475686790869886806", "length": 1173.0 } }, { "signature_type": "Line", "deprecated": false, "target": { "file": "fs/fuse/readdir.c" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-d15689fc", "digest": { "line_hashes": [ "151740607978782592117665796017965656031", "279799877663863927451718242635916213301", "292970482665930769955151169523288419089", "38763568620427328907767250202204114069", "247598411322237297276079110914648702445", "53323246642828554315794761636453616300", "260038131667509638239808348324502777836", "186347225330056172442488764996237957279" ], "threshold": 0.9 } }, { "signature_type": "Function", "deprecated": false, "target": { "file": "fs/fuse/dir.c", "function": "fuse_rename2" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-e2af0391", "digest": { "function_hash": "194020417766005203207533738194497740567", "length": 605.0 } }, { "signature_type": "Function", "deprecated": false, "target": { "file": "fs/fuse/acl.c", "function": "fuse_get_acl" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-ed7d7cca", "digest": { "function_hash": "191895684234208016634457438724334258371", "length": 831.0 } }, { "signature_type": "Function", "deprecated": false, "target": { "file": "fs/fuse/acl.c", "function": "fuse_set_acl" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-f2b0ffbc", "digest": { "function_hash": "210506087922772730057296491020584748664", "length": 825.0 } }, { "signature_type": "Line", "deprecated": false, "target": { "file": "fs/fuse/inode.c" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-f5f800a1", "digest": { "line_hashes": [ "243249171749004453821786719993896310479", "123201813657348806591988710677054209940", "335709124448295041413086562227400360168", "227130748792835125928040930236451826209", "24074746176050038044426240394109679393", "134697100701845894402449431976973260462", "45729907087698408403393885046620233155", "53019341455430587891421854336319714394" ], "threshold": 0.9 } }, { "signature_type": "Line", "deprecated": false, "target": { "file": "fs/fuse/dir.c" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454", "id": "CVE-2020-36322-f71c390f", "digest": { "line_hashes": [ "229590558853461603397659888730384129667", "282316202030510890914672385354908310426", "111041354383523986099964211021420613888", "81883460768901763354293241849526174930", "101688313629419653463894581002047519015", "95018074530924314665308154067330981351", "112713940370512353565720647831719491980", "222652272093168359591459213999612444451", "229907445285722047760400930427843901268", "325096572909633628093692286785143806496", "127514743267578511400942660475921473906", "199245525321927631093494068870564094582", "296301329256073651810661087769720800788", "143895735010707251456177813302238868270", "297380524267693964966385040072692982294", "265199718169066363398087231363845242324", "236218466225613599544265033012662322573", "300848157853517253588818638010147747216", "334549542541541551872402401599079025557", "197078340520773568541622793721743145550", "226726195311492675472555277579737013228", "25831100816541387644840524088581565834", "307028145626984588699415360666974204627", "47218038171357529446562748075543147654", "43751960626812286949028176682149347359", "30504594062080890554569335566165190980", "164261512466461161412219784241171764581", "35647702916865909447236474313476759469", "191218141193929964389599651506054362124", "302717476860030451533667955961905732270", "215868022020448656461124027174807605414", "247912740773276954599940528396317379149", "131444110228149878746961886255889766614", "321453705664491214814555954870581856816", "226611636013825492743059537831680113664", "137228773799344440213379920871445010597", "56069649188528228693953850835122808350", "262852090389172486488165884744601729098", "47218038171357529446562748075543147654", "255688194990709712354981529685705126394", "278435440090286944597183562063175051668", "287143660103805910169824660422584633097", "16915389899131477949869293794366476349", "248386779313205371765528166717234414725", "179765287965089524724068132923317654922", "225284634685061377288651902677515330429", "140872916017568293236562577531182637629" ], "threshold": 0.9 } } ] }