CVE-2020-36558: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability (CVE-2020-36558) was discovered in the Linux kernel before version 5.5.7. The issue exists in the Virtual Terminal subsystem, specifically involving the VT_RESIZEX ioctl operation. The vulnerability was disclosed in July 2022 and affects the Linux kernel's virtual terminal functionality (NVD, MITRE).

The vulnerability stems from a race condition in the VT_RESIZEX ioctl operation where vc_cons[i].d could be NULL after grabbing the console_lock(), leading to a NULL pointer dereference. The issue has a CVSS v3.1 base score of 5.1 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Commit).

When exploited, this vulnerability can lead to a NULL pointer dereference and general protection fault, potentially causing a system crash. The impact is primarily on system availability, with no direct impact on confidentiality or integrity (NVD).

The vulnerability was fixed in Linux kernel version 5.5.7 with a patch that ensures proper NULL pointer checking after acquiring the console_lock(). Users should upgrade to Linux kernel version 5.5.7 or later to address this vulnerability (Kernel Commit).