Ubuntu.comUB:CVE-2020-8835CVE-2020-8835
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
36.3%
In the Linux kernel 5.5.0 and newer, the bpf verifier
(kernel/bpf/verifier.c) did not properly restrict the register bounds for
32-bit operations, leading to out-of-bounds reads and writes in kernel
memory. The vulnerability also affects the Linux 5.4 stable series,
starting with v5.4.7, as the introducing commit was backported to that
branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue
is aka ZDI-CAN-10780)
Notes
| Author | Note |
|---|---|
| sbeattie | introduced by upstream commit 581738a681b6, which was mistakenly backported to upstream stable 5.4 kernel (b4de258dede528f88f401259aab3147fb6da1ddf). Ubuntu’s 5.3 kernels are affected because 5.4 stable backport commits were pulled into Ubuntu’s 5.3 kernels. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 19.10 | noarch | linux | < 5.3.0-45.37 | UNKNOWN |
| ubuntu | 19.10 | noarch | linux-aws | < 5.3.0-1015.16 | UNKNOWN |
| ubuntu | 19.10 | noarch | linux-azure | < 5.3.0-1018.19 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-azure-5.3 | < 5.3.0-1018.19~18.04.1 | UNKNOWN |
| ubuntu | 19.10 | noarch | linux-gcp | < 5.3.0-1016.17 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-gcp-5.3 | < 5.3.0-1016.17~18.04.1 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-gke-5.3 | < 5.3.0-1016.17~18.04.1 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-hwe | < 5.3.0-45.37~18.04.1 | UNKNOWN |
| ubuntu | 19.10 | noarch | linux-kvm | < 5.3.0-1014.15 | UNKNOWN |
| ubuntu | 19.10 | noarch | linux-oracle | < 5.3.0-1013.14 | UNKNOWN |
References
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef
launchpad.net/bugs/cve/CVE-2020-8835
lore.kernel.org/bpf/[email protected]/T/
nvd.nist.gov/vuln/detail/CVE-2020-8835
security-tracker.debian.org/tracker/CVE-2020-8835
ubuntu.com/security/notices/USN-4313-1
www.cve.org/CVERecord?id=CVE-2020-8835
www.openwall.com/lists/oss-security/2020/03/30/3
www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results
www.zerodayinitiative.com/advisories/ZDI-20-350/
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
36.3%