{"containers": {"cna": {"affected": [{"product": "Linux kernel", "vendor": "Linux kernel", "versions": [{"lessThan": "5.6.1", "status": "affected", "version": "5.6-stable", "versionType": "custom"}, {"lessThan": "5.5.14", "status": "affected", "version": "5.5-stable", "versionType": "custom"}, {"changes": [{"at": "5.4.29", "status": "unaffected"}], "lessThan": "5.4-stable*", "status": "affected", "version": "5.4.7", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Manfred Paul"}, {"lang": "en", "value": "Anatoly Trosinenko"}], "datePublic": "2020-03-30T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-20T14:06:18.000Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"name": "USN-4313-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4313-1/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results"}, {"tags": ["x_refsource_MISC"], "url": "https://lore.kernel.org/bpf/20200330160324.15259-1-daniel%40iogearbox.net/T/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2020/03/30/3"}, {"tags": ["x_refsource_MISC"], "url": "https://usn.ubuntu.com/usn/usn-4313-1"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef"}, {"name": "FEDORA-2020-4ef0bcc89c", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7OONYGMSYBEFHLHZJK3GOI5Z553G4LD/"}, {"name": "FEDORA-2020-666f3b1ac3", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBWSHZ6DJIZVXKXGZPK6QPFCY7VKZEG/"}, {"name": "FEDORA-2020-73c00eda1c", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF4PQZBEPNXDSK5DOBMW54OCLP25FTCD/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200430-0004/"}, {"name": "[oss-security] 20210720 CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/07/20/1"}], "solutions": [{"lang": "en", "value": "Revert commit 581738a681b6 (\"bpf: Provide better register bounds after jmp32 instructions\")."}], "source": {"discovery": "EXTERNAL"}, "title": "Linux kernel bpf verifier vulnerability", "workarounds": [{"lang": "en", "value": "Mitigation for this vulnerability is available by setting the kernel.unprivileged_bpf_disabled sysctl to 1:\n\n $ sudo sysctl kernel.unprivileged_bpf_disabled=1\n $ echo kernel.unprivileged_bpf_disabled=1 | sudo tee /etc/sysctl.d/90-CVE-2020-8835.conf\n\nThis issue is also mitigated on systems that use secure boot with the kernel lockdown feature which blocks BPF program loading."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2020-03-30T16:00:00.000Z", "ID": "CVE-2020-8835", "STATE": "PUBLIC", "TITLE": "Linux kernel bpf verifier vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Linux kernel", "version": {"version_data": [{"version_affected": "<", "version_name": "5.6-stable", "version_value": "5.6.1"}, {"version_affected": "<", "version_name": "5.5-stable", "version_value": "5.5.14"}, {"version_affected": ">=", "version_name": "5.4-stable", "version_value": "5.4.7"}, {"version_affected": "<", "version_name": "5.4-stable", "version_value": "5.4.29"}]}}]}, "vendor_name": "Linux kernel"}]}}, "credit": [{"lang": "eng", "value": "Manfred Paul"}, {"lang": "eng", "value": "Anatoly Trosinenko"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-4313-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4313-1/"}, {"name": "https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results", "refsource": "MISC", "url": "https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results"}, {"name": "https://lore.kernel.org/bpf/20200330160324.15259-1-daniel@iogearbox.net/T/", "refsource": "MISC", "url": "https://lore.kernel.org/bpf/20200330160324.15259-1-daniel@iogearbox.net/T/"}, {"name": "https://www.openwall.com/lists/oss-security/2020/03/30/3", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/03/30/3"}, {"name": "https://usn.ubuntu.com/usn/usn-4313-1", "refsource": "MISC", "url": "https://usn.ubuntu.com/usn/usn-4313-1"}, {"name": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef"}, {"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef"}, {"name": "FEDORA-2020-4ef0bcc89c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7OONYGMSYBEFHLHZJK3GOI5Z553G4LD/"}, {"name": "FEDORA-2020-666f3b1ac3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YXBWSHZ6DJIZVXKXGZPK6QPFCY7VKZEG/"}, {"name": "FEDORA-2020-73c00eda1c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TF4PQZBEPNXDSK5DOBMW54OCLP25FTCD/"}, {"name": "https://security.netapp.com/advisory/ntap-20200430-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200430-0004/"}, {"name": "[oss-security] 20210720 CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/07/20/1"}]}, "solution": [{"lang": "en", "value": "Revert commit 581738a681b6 (\"bpf: Provide better register bounds after jmp32 instructions\")."}], "source": {"discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Mitigation for this vulnerability is available by setting the kernel.unprivileged_bpf_disabled sysctl to 1:\n\n $ sudo sysctl kernel.unprivileged_bpf_disabled=1\n $ echo kernel.unprivileged_bpf_disabled=1 | sudo tee /etc/sysctl.d/90-CVE-2020-8835.conf\n\nThis issue is also mitigated on systems that use secure boot with the kernel lockdown feature which blocks BPF program loading."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:12:10.621Z"}, "title": "CVE Program Container", "references": [{"name": "USN-4313-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4313-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lore.kernel.org/bpf/20200330160324.15259-1-daniel%40iogearbox.net/T/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2020/03/30/3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://usn.ubuntu.com/usn/usn-4313-1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef"}, {"name": "FEDORA-2020-4ef0bcc89c", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7OONYGMSYBEFHLHZJK3GOI5Z553G4LD/"}, {"name": "FEDORA-2020-666f3b1ac3", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBWSHZ6DJIZVXKXGZPK6QPFCY7VKZEG/"}, {"name": "FEDORA-2020-73c00eda1c", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF4PQZBEPNXDSK5DOBMW54OCLP25FTCD/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200430-0004/"}, {"name": "[oss-security] 20210720 CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/07/20/1"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2020-8835", "datePublished": "2020-04-02T18:00:23.885Z", "dateReserved": "2020-02-10T00:00:00.000Z", "dateUpdated": "2024-09-17T02:15:48.820Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F715B99-43A7-4487-95F0-61A0C0D395D9", "versionEndExcluding": "5.4.29", "versionStartIncluding": "5.4.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1952E71-2355-44B6-99A9-8A7754C73458", "versionEndExcluding": "5.5.14", "versionStartIncluding": "5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67F018B4-5EAD-485E-AE88-63C5BF663268", "versionEndExcluding": "5.6.1", "versionStartIncluding": "5.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E73901F-666D-4D8B-BDFD-93DD2F70C74B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0FD5AED-42CF-4918-B32C-D675738EF15C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "34B25BEF-8708-4E2C-8BA6-EBCD5267EB04", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE0F11D2-B5D9-46B4-BFC5-C86BC87D516A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "04E3BD77-8915-4FFC-8483-5DB5D610F829", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*", "matchCriteriaId": "97E94ECB-BB51-4364-BEDD-8648C193196F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6ADE5E80-06D3-4A1B-A655-FBB6CCA03939", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8FD5E05-3C58-465F-9D4F-ECC2CD78DCFF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "75A43965-CB2E-4C28-AFC3-1ADE7A6B845C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D421A96-E6E9-4B27-ADE0-D8E87A82EEDE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F2D2745-242C-4603-899E-70C9025BDDD2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFB4541D-5EF7-4266-BFF3-2DDEC95E8012", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7FD1DA9-7980-4643-B378-7095892DA176", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*", "matchCriteriaId": "347E9E3E-941C-4109-B59F-B9BB05486B34", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD661062-0D5B-4671-9D92-FEF8D7395C1E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*", "matchCriteriaId": "8155BF5F-DD1B-4AB4-81F8-9BCE6A8821AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B36CECA5-4545-49C2-92EB-B739407B207F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8E7549A-DE35-4274-B3F6-22D51C7A6613", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)"}, {"lang": "es", "value": "En el kernel de Linux versiones 5.5.0 y m\u00e1s recientes, el verificador bpf (kernel/bpf/verifier.c) no restringi\u00f3 apropiadamente los l\u00edmites de registro para operaciones de 32 bits, conllevando a lecturas y escrituras fuera de l\u00edmites en la memoria del kernel. La vulnerabilidad tambi\u00e9n afecta a la serie estable de Linux versi\u00f3n 5.4, comenzando con la versi\u00f3n v5.4.7, ya que el commit de introducci\u00f3n fue respaldado en esa derivaci\u00f3n. Esta vulnerabilidad fue corregida en las versiones 5.6.1, 5.5.14 y 5.4.29. (el problema tambi\u00e9n se conoce como ZDI-CAN-10780)"}], "id": "CVE-2020-8835", "lastModified": "2024-11-21T05:39:32.163", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "security@ubuntu.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-02T18:15:18.943", "references": [{"source": "security@ubuntu.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/07/20/1"}, {"source": "security@ubuntu.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef"}, {"source": "security@ubuntu.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef"}, {"source": "security@ubuntu.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7OONYGMSYBEFHLHZJK3GOI5Z553G4LD/"}, {"source": "security@ubuntu.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF4PQZBEPNXDSK5DOBMW54OCLP25FTCD/"}, {"source": "security@ubuntu.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBWSHZ6DJIZVXKXGZPK6QPFCY7VKZEG/"}, {"source": "security@ubuntu.com", "url": "https://lore.kernel.org/bpf/20200330160324.15259-1-daniel%40iogearbox.net/T/"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200430-0004/"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4313-1/"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/usn/usn-4313-1"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2020/03/30/3"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/07/20/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7OONYGMSYBEFHLHZJK3GOI5Z553G4LD/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF4PQZBEPNXDSK5DOBMW54OCLP25FTCD/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBWSHZ6DJIZVXKXGZPK6QPFCY7VKZEG/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lore.kernel.org/bpf/20200330160324.15259-1-daniel%40iogearbox.net/T/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200430-0004/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4313-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/usn/usn-4313-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2020/03/30/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: out-of-bounds read/write in the bpf verifier", "id": "1817350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817350"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "(CWE-125|CWE-787)", "details": ["In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)", "An out-of-bounds access flaw was found in the Linux kernel\u2019s implementation of the eBPF code verifier, where an incorrect register bounds calculation while checking 32-bit instructions in an eBPF program occurs. This flaw allows an unprivileged user or process to execute eBPF programs to crash the kernel, resulting in a denial of service or potentially gaining root privileges on the system."], "mitigation": {"lang": "en:us", "value": "The Linux kernel versions as shipped with Red Hat Enterprise Linux 5, 6, 7, 8 and Red Hat Enterprise Linux MRG 2 are not affected because they did not backport the commit\n581738a681b6 (\"bpf: Provide better register bounds after jmp32 instructions\")\nwhich introduced this issue. Also by default unprivileged user are not allowed to access bpf(2) syscall.\nFedora kernel allows unprivileged users to access to bpf(2) syscall by default and is prone to this issue. To disable unprivileged access to bpf(2) sycall set following sysctl(8) variable:\n# sysctl -w kernel.unprivileged_bpf_disabled=1"}, "name": "CVE-2020-8835", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2020-03-30T16:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-8835\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8835"], "statement": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, 7 and 8 and Red Hat Enterprise MRG 2.", "threat_severity": "Important"}

{}