Lucene search

[email protected]NVD:CVE-2020-8835

HistoryApr 02, 2020 - 6:15 p.m.

CVE-2020-8835

2020-04-0218:15:18

CWE-125

CWE-787

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

JSON

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)

Affected configurations

NVD

Node

linuxlinux_kernelRange5.4.7–5.4.29

linuxlinux_kernelRange5.5.0–5.5.14

linuxlinux_kernelRange5.6–5.6.1

Node

fedoraprojectfedoraMatch30

fedoraprojectfedoraMatch31

fedoraprojectfedoraMatch32

Node

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.10

Node

netappcloud_backupMatch-

netapphci_management_nodeMatch-

netappsolidfireMatch-

netappsteelstore_cloud_integrated_storageMatch-

Node

netappa700s_firmwareMatch-

AND

netappa700sMatch-

Node

netapp8300_firmwareMatch-

AND

netapp8300Match-

Node

netapp8700_firmwareMatch-

AND

netapp8700Match-

Node

netappa400_firmwareMatch-

AND

netappa400Match-

Node

netappa320_firmwareMatch-

AND

netappa320Match-

Node

netappc190_firmwareMatch-

AND

netappc190Match-

Node

netappa220_firmwareMatch-

AND

netappa220Match-

Node

netappfas2720_firmwareMatch-

AND

netappfas2720Match-

Node

netappfas2750_firmwareMatch-

AND

netappfas2750Match-

Node

netappa800_firmwareMatch-

AND

netappa800Match-

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

netapph500s_firmwareMatch-

AND

netapph500sMatch-

Node

netapph700s_firmwareMatch-

AND

netapph700sMatch-

Node

netapph300e_firmwareMatch-

AND

netapph300eMatch-

Node

netapph500e_firmwareMatch-

AND

netapph500eMatch-

Node

netapph700e_firmwareMatch-

AND

netapph700eMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

netapph610c_firmwareMatch-

AND

netapph610cMatch-

Node

netapph610s_firmwareMatch-

AND

netapph610sMatch-

Node

netapph615c_firmwareMatch-

AND

netapph615cMatch-

References

www.openwall.com/lists/oss-security/2021/07/20/1

git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7OONYGMSYBEFHLHZJK3GOI5Z553G4LD/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF4PQZBEPNXDSK5DOBMW54OCLP25FTCD/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBWSHZ6DJIZVXKXGZPK6QPFCY7VKZEG/

lore.kernel.org/bpf/20200330160324.15259-1-daniel%40iogearbox.net/T/

security.netapp.com/advisory/ntap-20200430-0004/

usn.ubuntu.com/4313-1/

usn.ubuntu.com/usn/usn-4313-1

www.openwall.com/lists/oss-security/2020/03/30/3

www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

JSON

Related for NVD:CVE-2020-8835

ubuntucve1 f51 fedora8 cvelist1 zdi1 nessus4 githubexploit4 archlinux3 ubuntu1 openvas11 cve1 redhatcve2 debiancve1 prion1 attackerkb2 zdt1 packetstorm2 mageia2 metasploit1 oraclelinux1