Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-8835
HistoryMar 30, 2020 - 12:00 a.m.

CVE-2020-8835

2020-03-3000:00:00
ubuntu.com
ubuntu.com
9

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

34.9%

In the Linux kernel 5.5.0 and newer, the bpf verifier
(kernel/bpf/verifier.c) did not properly restrict the register bounds for
32-bit operations, leading to out-of-bounds reads and writes in kernel
memory. The vulnerability also affects the Linux 5.4 stable series,
starting with v5.4.7, as the introducing commit was backported to that
branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue
is aka ZDI-CAN-10780)

Notes

Author Note
sbeattie introduced by upstream commit 581738a681b6, which was mistakenly backported to upstream stable 5.4 kernel (b4de258dede528f88f401259aab3147fb6da1ddf). Ubuntu’s 5.3 kernels are affected because 5.4 stable backport commits were pulled into Ubuntu’s 5.3 kernels.
Rows per page:
1-10 of 131

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

34.9%