Linux Distros Unpatched Vulnerability : CVE-2020-8835

🗓️ 15 Aug 2025 00:00:00Reported by TenableType

CVE-2020-8835 Linux kernel berkeley packet filter out-of-bounds; affects 5.5.0+ and 5.4.7+ unpatched

Reporter	Title	Published	Views	Family All 86
Gitee	Exploit for Improper Access Control in Xen	24 Jan 202110:46	–	gitee
Gitee	Exploit for Improper Access Control in Xen	14 Aug 202123:00	–	gitee
Gitee	Exploit for Incorrect Conversion between Numeric Types in Linux Linux_Kernel	21 Nov 202113:53	–	gitee
0day.today	Linux eBPF ALU32 32-bit Invalid Bounds Tracking Local Privilege Escalation Exploit	1 Sep 202100:00	–	zdt
ATTACKERKB	CVE-2021-33909	20 Jul 202100:00	–	attackerkb
ATTACKERKB	CVE-2020-8835	30 Mar 202000:00	–	attackerkb
ArchLinux	[ASA-202004-2] linux-hardened: privilege escalation	1 Apr 202000:00	–	archlinux
ArchLinux	[ASA-202004-3] linux-lts: privilege escalation	1 Apr 202000:00	–	archlinux
ArchLinux	[ASA-202004-4] linux: privilege escalation	1 Apr 202000:00	–	archlinux
Circl	CVE-2020-8835	25 Apr 202023:00	–	circl

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2020-8835
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(250159);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/15");

  script_cve_id("CVE-2020-8835");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2020-8835");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict
    the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The
    vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit
    was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka
    ZDI-CAN-10780) (CVE-2020-8835)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2020-8835");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8835");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-edge");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-edge");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-raspi2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "linux-azure-edge"},
          {"reference": "linux-gcp-edge"},
          {"reference": "linux-hwe-edge"}
        ]
      }
    ]
  },
  "Ubuntu Linux-20.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "20.04",
        "pkgs": [
          {"reference": "linux-raspi2"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

15 Aug 2025 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 27.2

CVSS 3.17.8

EPSS0.23269