DEBIAN-CVE-2020-8835

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2020-8835

Published: 02 Apr 2020, 18:15

Last modified:28 Apr 2026, 20:21

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

02 Apr 2020, 18:15

Published

Vulnerability first disclosed

28 Apr 2026, 20:21

Last Modified

Vulnerability information updated

Description

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

debian•linux
< 5.5.13-2 | < 5.5.13-2 | < 5.5.13-2 | < 5.5.13-2

References (1)

https://security-tracker.debian.org/tracker/CVE-2020-8835