CVE-2020-36788: drm/nouveau: avoid a use-after-free when BO init fails
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: avoid a use-after-free when BO init fails
nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code
back to the caller. On failures, ttm_bo_init() invokes the provided
destructor which should de-initialize and free the memory.
Thus, when nouveau_bo_init() returns an error the gem object has already
been released and the memory freed by nouveau_bo_del_ttm().
Security readout for executives and security teams
Plain-English summary
CVE-2020-36788 is a Linux kernel flaw in the nouveau graphics driver. If buffer object initialization fails, cleanup can free an object that later code still treats as valid. The sources do not provide CVSS, impact detail, or exploitation evidence, so business urgency depends on whether affected systems use nouveau-enabled Linux kernels.
Executive priority
Assign priority based on kernel exposure and GPU driver usage. Patch routine Linux fleets through normal kernel maintenance, but escalate systems with custom kernels, GPU workloads, or broad user access until fixed-version status is confirmed.
Technical view
The issue is a use-after-free in drm/nouveau. nouveau_bo_init() returns errors from ttm_bo_init(); on failure, ttm_bo_init() calls the destructor, which frees the GEM object through nouveau_bo_del_ttm(). Later handling could reference freed memory. Kernel stable commits are cited as the resolution.
Likely exposure
Exposure is most likely on Linux systems running affected kernel versions with the nouveau DRM driver available or in use. The source lists Linux kernel entries including 5.4, 5.10.73, 5.14.12, and 5.15, but version data is incomplete and should be validated against vendor kernel advisories.
Exploitation context
The provided sources do not show active exploitation, public exploit availability, KEV listing, or practical exploit prerequisites. Treat this as a kernel memory-safety issue requiring patch validation, not as confirmed exploited activity.
Researcher notes
Official CVE data confirms the resolved bug pattern but omits CVSS, CWE, exploitability detail, and precise downstream distro status. The safest research path is commit review, affected-branch mapping, and vendor advisory correlation without assuming exploitability.
Mitigation direction
Check Linux distribution guidance for CVE-2020-36788.
Update affected kernels to builds containing the referenced stable fixes.
Confirm custom kernels include the relevant nouveau fix commits.
If nouveau is unnecessary, evaluate vendor-supported disablement after testing.
Validation and detection
Inventory Linux hosts and kernel versions.
Identify systems where the nouveau DRM driver is present or enabled.
Compare vendor kernel changelogs against the cited stable commits.
Verify patched systems run a fixed kernel after maintenance.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2020-36788 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.