An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fusedogetattr() calls makebadinode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-027101b7",
"digest": {
"threshold": 0.9,
"line_hashes": [
"74018305042266961981578630896089398804",
"311276275642731116064108193786171041048",
"238564488313219930779140504458344048945",
"102344071471045085940089020606222201266",
"84733215006334582628677955717433648043",
"70489431107468227500915204450041795287"
]
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "fs/fuse/acl.c"
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-2ca1e7bc",
"digest": {
"length": 185.0,
"function_hash": "125112341659662387888473201385410004193"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fuse_xattr_get",
"file": "fs/fuse/xattr.c"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-33ce1f48",
"digest": {
"threshold": 0.9,
"line_hashes": [
"273262102097610898319417944123283076028",
"60069448935734084842706574609447082077",
"175923011170780398637420006172425976167",
"25072558883817997567307375605133368753",
"336072951587560772512672287787642550344",
"85766476122455348082833072566732079516",
"324611710906906221564933631414837230557",
"321453705664491214814555954870581856816",
"226611636013825492743059537831680113664",
"302278061698579105300794127933903448898",
"77036497175745109878999168054422354675",
"190627128326861398817097657029277594872",
"113780123057941915828592686810034518553",
"323271693065589588200665307655772158247",
"134126705350828785134449161584955985138",
"271552679397535494461187485918987541715",
"237454604128478952031494486047324901114",
"118390397993407891984582525428644525597",
"271350657079176202182314064974039313190",
"57408762819207151568285728001618283675",
"278118476921104808570036718040485246259",
"133833030798367159864157082288360227301",
"227315002693907702922162927240816672301",
"57408762819207151568285728001618283675",
"278118476921104808570036718040485246259",
"133833030798367159864157082288360227301",
"92498249587843759208593036433198312838",
"271372632365231065211882856067166153354",
"113780123057941915828592686810034518553",
"331344381774239775761220489481684400402",
"188484115022790685668882346585220727723",
"43478648740375649564762307299014701284",
"104201508755644428064491324719077577633",
"231657734080218264590289946582776192130",
"208353297535350625609344417025515065739"
]
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "fs/fuse/file.c"
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-3e287fe8",
"digest": {
"length": 753.0,
"function_hash": "131656086487245995908687637844943211072"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fuse_atomic_open",
"file": "fs/fuse/dir.c"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-57ac9c15",
"digest": {
"length": 1052.0,
"function_hash": "163952898911382257329067664840039947678"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fuse_permission",
"file": "fs/fuse/dir.c"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-5f80fd14",
"digest": {
"threshold": 0.9,
"line_hashes": [
"193605879305259822178014770063036834744",
"333793714505464976260806354875925435204",
"302165966241651812812294605408402336028",
"284716991533642141488172731602505721819",
"27145765365378110737449413947872161545",
"285906831916383438258162293447282073868",
"332474892584111336438916847159404118049",
"163885507572478657897607919380718611129",
"258954210273288651102502228363036902951",
"50181305821831786765057575890852261504",
"44800984288947597207498923501963468694"
]
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "fs/fuse/xattr.c"
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-651268ee",
"digest": {
"threshold": 0.9,
"line_hashes": [
"176271612186001277065957285199215788946",
"14747202077759725909257872607965583779",
"140388228957603270426688504202509186102",
"175710242940290927004964409282266302282",
"12717525236772645814209324145775774977",
"236676378461676380161947738844029604157",
"289341914007163765244547562410315864824"
]
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "fs/fuse/fuse_i.h"
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-735c0b4b",
"digest": {
"length": 1051.0,
"function_hash": "128459240267822152664351791086282773928"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fuse_listxattr",
"file": "fs/fuse/xattr.c"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-8207a3f0",
"digest": {
"length": 759.0,
"function_hash": "215775360227015105629409674404626875439"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fuse_unlink",
"file": "fs/fuse/dir.c"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-886be938",
"digest": {
"length": 820.0,
"function_hash": "108767845577480134738381608699483257438"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fuse_open_common",
"file": "fs/fuse/file.c"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-8b5611b0",
"digest": {
"length": 1053.0,
"function_hash": "330506134526236933797340159291857562387"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fuse_setattr",
"file": "fs/fuse/dir.c"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-9212ee91",
"digest": {
"length": 264.0,
"function_hash": "315974781865270964490481335461906654098"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fuse_xattr_set",
"file": "fs/fuse/xattr.c"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-9ee85887",
"digest": {
"length": 518.0,
"function_hash": "126584471280842058703172457426413326936"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fuse_rmdir",
"file": "fs/fuse/dir.c"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-a0b0f226",
"digest": {
"length": 769.0,
"function_hash": "20730889260397843385182739651283743867"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fuse_lookup",
"file": "fs/fuse/dir.c"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-a18fc652",
"digest": {
"length": 380.0,
"function_hash": "36843919887790438554026885664151240580"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fuse_getattr",
"file": "fs/fuse/dir.c"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-cc5f66ff",
"digest": {
"length": 1173.0,
"function_hash": "211036357659700116752475686790869886806"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "create_new_entry",
"file": "fs/fuse/dir.c"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-d15689fc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"151740607978782592117665796017965656031",
"279799877663863927451718242635916213301",
"292970482665930769955151169523288419089",
"38763568620427328907767250202204114069",
"247598411322237297276079110914648702445",
"53323246642828554315794761636453616300",
"260038131667509638239808348324502777836",
"186347225330056172442488764996237957279"
]
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "fs/fuse/readdir.c"
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-e2af0391",
"digest": {
"length": 605.0,
"function_hash": "194020417766005203207533738194497740567"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fuse_rename2",
"file": "fs/fuse/dir.c"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-ed7d7cca",
"digest": {
"length": 831.0,
"function_hash": "191895684234208016634457438724334258371"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fuse_get_acl",
"file": "fs/fuse/acl.c"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-f2b0ffbc",
"digest": {
"length": 825.0,
"function_hash": "210506087922772730057296491020584748664"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "fuse_set_acl",
"file": "fs/fuse/acl.c"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-f5f800a1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"243249171749004453821786719993896310479",
"123201813657348806591988710677054209940",
"335709124448295041413086562227400360168",
"227130748792835125928040930236451826209",
"24074746176050038044426240394109679393",
"134697100701845894402449431976973260462",
"45729907087698408403393885046620233155",
"53019341455430587891421854336319714394"
]
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "fs/fuse/inode.c"
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@5d069dbe8aaf2a197142558b6fb2978189ba3454",
"id": "CVE-2020-36322-f71c390f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"229590558853461603397659888730384129667",
"282316202030510890914672385354908310426",
"111041354383523986099964211021420613888",
"81883460768901763354293241849526174930",
"101688313629419653463894581002047519015",
"95018074530924314665308154067330981351",
"112713940370512353565720647831719491980",
"222652272093168359591459213999612444451",
"229907445285722047760400930427843901268",
"325096572909633628093692286785143806496",
"127514743267578511400942660475921473906",
"199245525321927631093494068870564094582",
"296301329256073651810661087769720800788",
"143895735010707251456177813302238868270",
"297380524267693964966385040072692982294",
"265199718169066363398087231363845242324",
"236218466225613599544265033012662322573",
"300848157853517253588818638010147747216",
"334549542541541551872402401599079025557",
"197078340520773568541622793721743145550",
"226726195311492675472555277579737013228",
"25831100816541387644840524088581565834",
"307028145626984588699415360666974204627",
"47218038171357529446562748075543147654",
"43751960626812286949028176682149347359",
"30504594062080890554569335566165190980",
"164261512466461161412219784241171764581",
"35647702916865909447236474313476759469",
"191218141193929964389599651506054362124",
"302717476860030451533667955961905732270",
"215868022020448656461124027174807605414",
"247912740773276954599940528396317379149",
"131444110228149878746961886255889766614",
"321453705664491214814555954870581856816",
"226611636013825492743059537831680113664",
"137228773799344440213379920871445010597",
"56069649188528228693953850835122808350",
"262852090389172486488165884744601729098",
"47218038171357529446562748075543147654",
"255688194990709712354981529685705126394",
"278435440090286944597183562063175051668",
"287143660103805910169824660422584633097",
"16915389899131477949869293794366476349",
"248386779313205371765528166717234414725",
"179765287965089524724068132923317654922",
"225284634685061377288651902677515330429",
"140872916017568293236562577531182637629"
]
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "fs/fuse/dir.c"
},
"signature_type": "Line"
}
]