{"id":"CVE-2020-36788","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: avoid a use-after-free when BO init fails\n\nnouveau_bo_init() is backed by ttm_bo_init() and ferries its return code\nback to the caller. On failures, ttm_bo_init() invokes the provided\ndestructor which should de-initialize and free the memory.\n\nThus, when nouveau_bo_init() returns an error the gem object has already\nbeen released and the memory freed by nouveau_bo_del_ttm().","modified":"2026-03-13T00:42:17.868501Z","published":"2024-05-21T15:15:11.187Z","related":["SUSE-SU-2024:2008-1","SUSE-SU-2024:2010-1","SUSE-SU-2024:2011-1","SUSE-SU-2024:2019-1","SUSE-SU-2024:2185-1","SUSE-SU-2024:2189-1","SUSE-SU-2024:2190-1","SUSE-SU-2025:0231-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/548f2ff8ea5e0ce767ae3418d1ec5308990be87d"},{"type":"FIX","url":"https://git.kernel.org/stable/c/bcf34aa5082ee2343574bc3f4d1c126030913e54"},{"type":"FIX","url":"https://git.kernel.org/stable/c/f86e19d918a85492ad1a01fcdc0ad5ecbdac6f96"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"5.4"},{"fixed":"5.10.73"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.14.12"}]},{"events":[{"introduced":"0"},{"last_affected":"5.15-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.15-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"5.15-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"5.15-rc4"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36788.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}