CVE-2020-36791
Vulnerability Summary
Timeline
Description
In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I moved cp->hash calculation before the first tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched. This difference could lead to another out of bound access. cp->alloc_hash should always be the size allocated, we should update it after this tcindex_alloc_perfect_hash().
CVSS Metrics
- v3.1•HIGH•Score: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS Trends
Current EPSS score: 0.06%• Percentile: 19%
Techniques & Countermeasures
- CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
Affected Systems
- linux•linux
≥ 73c29d2f6f8ae731b1e09051b69ed3ba2319482b, < d6cdc5bb19b595486fb2e6661e5138d73a57f454 | ≥ b974ac51f5834a729de252fc5c1c9de9efd79b45, < c4453d2833671e3a9f6bd52f0f581056c3736386 | ≥ 6cb448ee493c8a514c9afa0c346f3f5b3227de85, < 9f8b6c44be178c2498a00b270872a6e30e7c8266 | ≥ 478c4b2ffd44e5186c7e22ae7c38a86a5b9cfde5, < 557d015ffb27b672e24e6ad141fd887783871dc2 | ≥ dd8142a6fa5270783d415292ec8169f4ea2a5468, < d23faf32e577922b6da20bf3740625c1105381bf | ≥ 2c66ff8d08f81bcf8e8cb22e31e39c051b15336a, < bd3ee8fb6371b45c71c9345cc359b94da2ddefa9 | ≥ 599be01ee567b61f4471ee8078870847d0a11e8e, < 0d1c3530e1bd38382edef72591b78e877e0edcd3 | ≥ 4.4.214, < 4.4.218 | ≥ 4.9.214, < 4.9.218 | ≥ 4.14.171, < 4.14.175 | ≥ 4.19.103, < 4.19.114 | ≥ 5.4.19, < 5.4.29 | ≥ 5.5.3, < 5.5.14
- linux•linux_kernel
≥ 4.4.214, < 4.4.218 | ≥ 4.9.214, < 4.9.218 | ≥ 4.14.171, < 4.14.175 | ≥ 4.19.103, < 4.19.114 | ≥ 5.4.19, < 5.4.29 | ≥ 5.5.3, < 5.5.14 | 5.6:rc1 | 5.6:rc2 | 5.6:rc3 | 5.6:rc4 | 5.6:rc5 | 5.6:rc6 | 5.6:rc7
References (9)
- https://git.kernel.org/stable/c/d6cdc5bb19b595486fb2e6661e5138d73a57f454
- https://git.kernel.org/stable/c/c4453d2833671e3a9f6bd52f0f581056c3736386
- https://git.kernel.org/stable/c/9f8b6c44be178c2498a00b270872a6e30e7c8266
- https://git.kernel.org/stable/c/557d015ffb27b672e24e6ad141fd887783871dc2
- https://git.kernel.org/stable/c/d23faf32e577922b6da20bf3740625c1105381bf
- https://git.kernel.org/stable/c/bd3ee8fb6371b45c71c9345cc359b94da2ddefa9
- https://git.kernel.org/stable/c/0d1c3530e1bd38382edef72591b78e877e0edcd3
- https://syzkaller.appspot.com/bug?id=ea260693da894e7b078d18fca2c9c0a19b457534
- https://blog.cdthoughts.ch/2021/03/16/syzbot-bug.html