Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8835

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)

Published

2020-04-02T18:15:18.943

Last Modified

2024-11-21T05:39:32.163

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-125
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 5.4.29	Yes
Operating System	linux	linux_kernel	< 5.5.14	Yes
Operating System	linux	linux_kernel	< 5.6.1	Yes
Operating System	fedoraproject	fedora	30	Yes
Operating System	fedoraproject	fedora	31	Yes
Operating System	fedoraproject	fedora	32	Yes
Operating System	canonical	ubuntu_linux	18.04	Yes
Operating System	canonical	ubuntu_linux	19.10	Yes
Application	netapp	cloud_backup	-	Yes
Application	netapp	hci_management_node	-	Yes
Application	netapp	solidfire	-	Yes
Application	netapp	steelstore_cloud_integrated_storage	-	Yes
Operating System	netapp	a700s_firmware	-	Yes
Hardware	netapp	a700s	-	No
Operating System	netapp	8300_firmware	-	Yes
Hardware	netapp	8300	-	No
Operating System	netapp	8700_firmware	-	Yes
Hardware	netapp	8700	-	No
Operating System	netapp	a400_firmware	-	Yes
Hardware	netapp	a400	-	No
Operating System	netapp	a320_firmware	-	Yes
Hardware	netapp	a320	-	No
Operating System	netapp	c190_firmware	-	Yes
Hardware	netapp	c190	-	No
Operating System	netapp	a220_firmware	-	Yes
Hardware	netapp	a220	-	No
Operating System	netapp	fas2720_firmware	-	Yes
Hardware	netapp	fas2720	-	No
Operating System	netapp	fas2750_firmware	-	Yes
Hardware	netapp	fas2750	-	No
Operating System	netapp	a800_firmware	-	Yes
Hardware	netapp	a800	-	No
Operating System	netapp	h300s_firmware	-	Yes
Hardware	netapp	h300s	-	No
Operating System	netapp	h500s_firmware	-	Yes
Hardware	netapp	h500s	-	No
Operating System	netapp	h700s_firmware	-	Yes
Hardware	netapp	h700s	-	No
Operating System	netapp	h300e_firmware	-	Yes
Hardware	netapp	h300e	-	No
Operating System	netapp	h500e_firmware	-	Yes
Hardware	netapp	h500e	-	No
Operating System	netapp	h700e_firmware	-	Yes
Hardware	netapp	h700e	-	No
Operating System	netapp	h410s_firmware	-	Yes
Hardware	netapp	h410s	-	No
Operating System	netapp	h610c_firmware	-	Yes
Hardware	netapp	h610c	-	No
Operating System	netapp	h610s_firmware	-	Yes
Hardware	netapp	h610s	-	No
Operating System	netapp	h615c_firmware	-	Yes
Hardware	netapp	h615c	-	No

References

http://www.openwall.com/lists/oss-security/2021/07/20/1 Exploit, Mailing List, Third Party Advisory ([email protected])
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef Patch, Vendor Advisory ([email protected])
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef Patch, Vendor Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7OONYGMSYBEFHLHZJK3GOI5Z553G4LD/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF4PQZBEPNXDSK5DOBMW54OCLP25FTCD/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBWSHZ6DJIZVXKXGZPK6QPFCY7VKZEG/ ([email protected])
https://lore.kernel.org/bpf/20200330160324.15259-1-daniel%40iogearbox.net/T/ ([email protected])
https://security.netapp.com/advisory/ntap-20200430-0004/ Third Party Advisory ([email protected])
https://usn.ubuntu.com/4313-1/ Third Party Advisory ([email protected])
https://usn.ubuntu.com/usn/usn-4313-1 Third Party Advisory ([email protected])
https://www.openwall.com/lists/oss-security/2020/03/30/3 Mailing List, Patch, Third Party Advisory ([email protected])
https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2021/07/20/1 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7OONYGMSYBEFHLHZJK3GOI5Z553G4LD/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF4PQZBEPNXDSK5DOBMW54OCLP25FTCD/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBWSHZ6DJIZVXKXGZPK6QPFCY7VKZEG/ (af854a3a-2127-422b-91ae-364da2661108)
https://lore.kernel.org/bpf/20200330160324.15259-1-daniel%40iogearbox.net/T/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20200430-0004/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4313-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/usn/usn-4313-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2020/03/30/3 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)