fkie_cve-2020-36791
Vulnerability from fkie_nvd
Published
2025-05-07 14:15
Modified
2025-11-10 17:34
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net_sched: keep alloc_hash updated after hash allocation
In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex")
I moved cp->hash calculation before the first
tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched.
This difference could lead to another out of bound access.
cp->alloc_hash should always be the size allocated, we should
update it after this tcindex_alloc_perfect_hash().
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | 5.6 | |
| linux | linux_kernel | 5.6 | |
| linux | linux_kernel | 5.6 | |
| linux | linux_kernel | 5.6 | |
| linux | linux_kernel | 5.6 | |
| linux | linux_kernel | 5.6 | |
| linux | linux_kernel | 5.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA46E804-CC77-4E3E-8EFE-1E0D208F2891",
"versionEndExcluding": "4.4.218",
"versionStartIncluding": "4.4.214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "532BFC53-5843-4E9A-9AB3-3898853DD42C",
"versionEndExcluding": "4.9.218",
"versionStartIncluding": "4.9.214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CFC34C-0C30-400B-A805-EBB9AD56155E",
"versionEndExcluding": "4.14.175",
"versionStartIncluding": "4.14.171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05AC3490-6BEC-4FB4-9577-02840D73CE90",
"versionEndExcluding": "4.19.114",
"versionStartIncluding": "4.19.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9253035D-B349-4044-B4B2-0052B6F8AF01",
"versionEndExcluding": "5.4.29",
"versionStartIncluding": "5.4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF089097-DB58-4F52-AC68-3418ADEE10A2",
"versionEndExcluding": "5.5.14",
"versionStartIncluding": "5.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F5DAF39E-0835-49B4-8221-7FCE81692A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "73DFCE15-1BB8-4740-B9CD-57F2DF3EA15D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7D3107F6-EB44-4C65-AA1B-1E96923F6409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.6:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DC0C894E-6323-44E5-89DD-8FB6A5C41CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.6:rc5:*:*:*:*:*:*",
"matchCriteriaId": "4C76EAC9-C2E6-4B6F-B002-ADBE74DDD794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.6:rc6:*:*:*:*:*:*",
"matchCriteriaId": "F13B8FBF-E007-4F60-A290-2833B45F8520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.6:rc7:*:*:*:*:*:*",
"matchCriteriaId": "CD0276C4-2C60-4C52-AC89-F96DF991B858",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: keep alloc_hash updated after hash allocation\n\nIn commit 599be01ee567 (\"net_sched: fix an OOB access in cls_tcindex\")\nI moved cp-\u003ehash calculation before the first\ntcindex_alloc_perfect_hash(), but cp-\u003ealloc_hash is left untouched.\nThis difference could lead to another out of bound access.\n\ncp-\u003ealloc_hash should always be the size allocated, we should\nupdate it after this tcindex_alloc_perfect_hash()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net_sched: mantener alloc_hash actualizado tras la asignaci\u00f3n de hash. En el commit 599be01ee567 (\"net_sched: corregir un acceso OOB en cls_tcindex\"), se movi\u00f3 el c\u00e1lculo de cp-\u0026gt;hash antes del primer tcindex_alloc_perfect_hash(), pero se mantuvo intacto. Esta diferencia podr\u00eda provocar otro acceso fuera de los l\u00edmites. cp-\u0026gt;alloc_hash siempre debe tener el tama\u00f1o asignado; debemos actualizarlo despu\u00e9s de este tcindex_alloc_perfect_hash()."
}
],
"id": "CVE-2020-36791",
"lastModified": "2025-11-10T17:34:55.777",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-07T14:15:28.513",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.cdthoughts.ch/2021/03/16/syzbot-bug.html"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/0d1c3530e1bd38382edef72591b78e877e0edcd3"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/557d015ffb27b672e24e6ad141fd887783871dc2"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/9f8b6c44be178c2498a00b270872a6e30e7c8266"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/bd3ee8fb6371b45c71c9345cc359b94da2ddefa9"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/c4453d2833671e3a9f6bd52f0f581056c3736386"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/d23faf32e577922b6da20bf3740625c1105381bf"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/d6cdc5bb19b595486fb2e6661e5138d73a57f454"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Issue Tracking"
],
"url": "https://syzkaller.appspot.com/bug?id=ea260693da894e7b078d18fca2c9c0a19b457534"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…