Vulnerability Description
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. The issue is also known as ZDI-CAN-10780.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.4.7, < 5.4.29 |
| Fedoraproject | Fedora | 30 |
| Canonical | Ubuntu Linux | 18.04 |
| Netapp | Cloud Backup | - |
| Netapp | Hci Management Node | - |
| Netapp | Solidfire | - |
| Netapp | Steelstore Cloud Integrated Storage | - |
| Netapp | A700S Firmware | - |
| Netapp | A700S | - |
| Netapp | 8300 Firmware | - |
| Netapp | 8300 | - |
| Netapp | 8700 Firmware | - |
| Netapp | 8700 | - |
| Netapp | A400 Firmware | - |
| Netapp | A400 | - |
| Netapp | A320 Firmware | - |
| Netapp | A320 | - |
| Netapp | C190 Firmware | - |
| Netapp | C190 | - |
| Netapp | A220 Firmware | - |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/07/20/1 (Exploit, Mailing List, Third Party Advisory)
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f (Patch, Vendor Advisory)
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2 (Patch, Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lore.kernel.org/bpf/20200330160324.15259-1-daniel%40iogearbox.net/T/
- https://security.netapp.com/advisory/ntap-20200430-0004/ (Third Party Advisory)
- https://usn.ubuntu.com/4313-1/ (Third Party Advisory)
- https://usn.ubuntu.com/usn/usn-4313-1 (Third Party Advisory)
- https://www.openwall.com/lists/oss-security/2020/03/30/3 (Mailing List, Patch, Third Party Advisory)
- https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results (Third Party Advisory)
FAQ
What is CVE-2020-8835?
CVE-2020-8835 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel m...
How severe is CVE-2020-8835?
CVE-2020-8835 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-8835?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Canonical Ubuntu Linux, Netapp Cloud Backup, Netapp Hci Management Node.