Vulnerability Details CVE-2020-8835
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.247
EPSS Ranking 95.9%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- http://www.openwall.com/lists/oss-security/2021/07/20/1
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7OONYGMSYBEFHLHZJK3GOI5Z553G4LD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF4PQZBEPNXDSK5DOBMW54OCLP25FTCD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBWSHZ6DJIZVXKXGZPK6QPFCY7VKZEG/
- https://lore.kernel.org/bpf/20200330160324.15259-1-daniel%40iogearbox.net/T/
- https://security.netapp.com/advisory/ntap-20200430-0004/
- https://usn.ubuntu.com/4313-1/
- https://usn.ubuntu.com/usn/usn-4313-1
- https://www.openwall.com/lists/oss-security/2020/03/30/3
- https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results
- http://www.openwall.com/lists/oss-security/2021/07/20/1
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7OONYGMSYBEFHLHZJK3GOI5Z553G4LD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF4PQZBEPNXDSK5DOBMW54OCLP25FTCD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBWSHZ6DJIZVXKXGZPK6QPFCY7VKZEG/
- https://lore.kernel.org/bpf/20200330160324.15259-1-daniel%40iogearbox.net/T/
- https://security.netapp.com/advisory/ntap-20200430-0004/
- https://usn.ubuntu.com/4313-1/
- https://usn.ubuntu.com/usn/usn-4313-1
- https://www.openwall.com/lists/oss-security/2020/03/30/3
- https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results
Products affected by CVE-2020-8835
-
cpe:2.3:a:netapp:cloud_backup:-
-
cpe:2.3:a:netapp:hci_management_node:-
-
cpe:2.3:a:netapp:solidfire:-
-
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-
-
cpe:2.3:h:netapp:8300:-
-
cpe:2.3:h:netapp:8700:-
-
cpe:2.3:h:netapp:a220:-
-
cpe:2.3:h:netapp:a320:-
-
cpe:2.3:h:netapp:a400:-
-
cpe:2.3:h:netapp:a700s:-
-
cpe:2.3:h:netapp:a800:-
-
cpe:2.3:h:netapp:c190:-
-
cpe:2.3:h:netapp:fas2720:-
-
cpe:2.3:h:netapp:fas2750:-
-
cpe:2.3:h:netapp:h300e:-
-
cpe:2.3:h:netapp:h300s:-
-
cpe:2.3:h:netapp:h410s:-
-
cpe:2.3:h:netapp:h500e:-
-
cpe:2.3:h:netapp:h500s:-
-
cpe:2.3:h:netapp:h610c:-
-
cpe:2.3:h:netapp:h610s:-
-
cpe:2.3:h:netapp:h615c:-
-
cpe:2.3:h:netapp:h700e:-
-
cpe:2.3:h:netapp:h700s:-
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:19.10
-
cpe:2.3:o:fedoraproject:fedora:30
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:fedoraproject:fedora:32
-
cpe:2.3:o:linux:linux_kernel:5.4.10
-
cpe:2.3:o:linux:linux_kernel:5.4.11
-
cpe:2.3:o:linux:linux_kernel:5.4.12
-
cpe:2.3:o:linux:linux_kernel:5.4.13
-
cpe:2.3:o:linux:linux_kernel:5.4.14
-
cpe:2.3:o:linux:linux_kernel:5.4.15
-
cpe:2.3:o:linux:linux_kernel:5.4.16
-
cpe:2.3:o:linux:linux_kernel:5.4.17
-
cpe:2.3:o:linux:linux_kernel:5.4.18
-
cpe:2.3:o:linux:linux_kernel:5.4.19
-
cpe:2.3:o:linux:linux_kernel:5.4.20
-
cpe:2.3:o:linux:linux_kernel:5.4.21
-
cpe:2.3:o:linux:linux_kernel:5.4.22
-
cpe:2.3:o:linux:linux_kernel:5.4.23
-
cpe:2.3:o:linux:linux_kernel:5.4.24
-
cpe:2.3:o:linux:linux_kernel:5.4.25
-
cpe:2.3:o:linux:linux_kernel:5.4.26
-
cpe:2.3:o:linux:linux_kernel:5.4.27
-
cpe:2.3:o:linux:linux_kernel:5.4.28
-
cpe:2.3:o:linux:linux_kernel:5.4.7
-
cpe:2.3:o:linux:linux_kernel:5.4.8
-
cpe:2.3:o:linux:linux_kernel:5.4.9
-
cpe:2.3:o:linux:linux_kernel:5.5.0
-
cpe:2.3:o:linux:linux_kernel:5.5.1
-
cpe:2.3:o:linux:linux_kernel:5.5.10
-
cpe:2.3:o:linux:linux_kernel:5.5.11
-
cpe:2.3:o:linux:linux_kernel:5.5.12
-
cpe:2.3:o:linux:linux_kernel:5.5.13
-
cpe:2.3:o:linux:linux_kernel:5.5.2
-
cpe:2.3:o:linux:linux_kernel:5.5.3
-
cpe:2.3:o:linux:linux_kernel:5.5.4
-
cpe:2.3:o:linux:linux_kernel:5.5.5
-
cpe:2.3:o:linux:linux_kernel:5.5.6
-
cpe:2.3:o:linux:linux_kernel:5.5.7
-
cpe:2.3:o:linux:linux_kernel:5.5.8
-
cpe:2.3:o:linux:linux_kernel:5.5.9
-
cpe:2.3:o:linux:linux_kernel:5.6
-
cpe:2.3:o:netapp:8300_firmware:-
-
cpe:2.3:o:netapp:8700_firmware:-
-
cpe:2.3:o:netapp:a220_firmware:-
-
cpe:2.3:o:netapp:a320_firmware:-
-
cpe:2.3:o:netapp:a400_firmware:-
-
cpe:2.3:o:netapp:a700s_firmware:-
-
cpe:2.3:o:netapp:a800_firmware:-
-
cpe:2.3:o:netapp:c190_firmware:-
-
cpe:2.3:o:netapp:fas2720_firmware:-
-
cpe:2.3:o:netapp:fas2750_firmware:-
-
cpe:2.3:o:netapp:h300e_firmware:-
-
cpe:2.3:o:netapp:h300s_firmware:-
-
cpe:2.3:o:netapp:h410s_firmware:-
-
cpe:2.3:o:netapp:h500e_firmware:-
-
cpe:2.3:o:netapp:h500s_firmware:-
-
cpe:2.3:o:netapp:h610c_firmware:-
-
cpe:2.3:o:netapp:h610s_firmware:-
-
cpe:2.3:o:netapp:h615c_firmware:-
-
cpe:2.3:o:netapp:h700e_firmware:-
-
cpe:2.3:o:netapp:h700s_firmware:-