LiveActive security incident?Get immediate response
CVE Record

CVE-2020-36788: drm/nouveau: avoid a use-after-free when BO init fails

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should de-initialize and free the memory. Thus, when nouveau_bo_init() returns an error the gem object has already been released and the memory freed by nouveau_bo_del_ttm().

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

CVE-2020-36788 is a Linux kernel flaw in the nouveau graphics driver. If buffer object initialization fails, cleanup can free an object that later code still treats as valid. The sources do not provide CVSS, impact detail, or exploitation evidence, so business urgency depends on whether affected systems use nouveau-enabled Linux kernels.

Executive priority

Assign priority based on kernel exposure and GPU driver usage. Patch routine Linux fleets through normal kernel maintenance, but escalate systems with custom kernels, GPU workloads, or broad user access until fixed-version status is confirmed.

Technical view

The issue is a use-after-free in drm/nouveau. nouveau_bo_init() returns errors from ttm_bo_init(); on failure, ttm_bo_init() calls the destructor, which frees the GEM object through nouveau_bo_del_ttm(). Later handling could reference freed memory. Kernel stable commits are cited as the resolution.

Likely exposure

Exposure is most likely on Linux systems running affected kernel versions with the nouveau DRM driver available or in use. The source lists Linux kernel entries including 5.4, 5.10.73, 5.14.12, and 5.15, but version data is incomplete and should be validated against vendor kernel advisories.

Exploitation context

The provided sources do not show active exploitation, public exploit availability, KEV listing, or practical exploit prerequisites. Treat this as a kernel memory-safety issue requiring patch validation, not as confirmed exploited activity.

Researcher notes

Official CVE data confirms the resolved bug pattern but omits CVSS, CWE, exploitability detail, and precise downstream distro status. The safest research path is commit review, affected-branch mapping, and vendor advisory correlation without assuming exploitability.

Mitigation direction

  • Check Linux distribution guidance for CVE-2020-36788.
  • Update affected kernels to builds containing the referenced stable fixes.
  • Confirm custom kernels include the relevant nouveau fix commits.
  • If nouveau is unnecessary, evaluate vendor-supported disablement after testing.

Validation and detection

  • Inventory Linux hosts and kernel versions.
  • Identify systems where the nouveau DRM driver is present or enabled.
  • Compare vendor kernel changelogs against the cited stable commits.
  • Verify patched systems run a fixed kernel after maintenance.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2020-36788 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
4Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux019cbd4a4feb3aa3a917d78e7110e3011bbff6d5, 019cbd4a4feb3aa3a917d78e7110e3011bbff6d5, 019cbd4a4feb3aa3a917d78e7110e3011bbff6d5unaffected
LinuxLinux5.4, 0, 5.10.73, 5.14.12, 5.15affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.