UBUNTU-CVE-2020-36791
Vulnerability Summary
Timeline
Description
In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I moved cp->hash calculation before the first tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched. This difference could lead to another out of bound access. cp->alloc_hash should always be the size allocated, we should update it after this tcindex_alloc_perfect_hash().
CVSS Metrics
- v3.1•HIGH•Score: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Systems
- ubuntu•linux
< 4.4.0-179.209 | < 4.15.0-99.100
- ubuntu•linux-allwinner-5.19
all
- ubuntu•linux-aws
< 4.4.0-1067.71 | < 4.4.0-1107.118 | < 4.15.0-1066.70
- ubuntu•linux-aws-5.0
all
- ubuntu•linux-aws-5.11
all
- ubuntu•linux-aws-5.13
all
- ubuntu•linux-aws-5.19
all
- ubuntu•linux-aws-5.3
all
- ubuntu•linux-aws-5.8
all
- ubuntu•linux-aws-6.2
all
- ubuntu•linux-aws-6.5
all
- ubuntu•linux-aws-hwe
< 4.15.0-1066.70~16.04.1
- ubuntu•linux-azure
< 4.15.0-1082.92~14.04.1 | < 4.15.0-1082.92~16.04.1 | all
- ubuntu•linux-azure-5.11
all
- ubuntu•linux-azure-5.13
all
- ubuntu•linux-azure-5.19
all
- ubuntu•linux-azure-5.3
all
- ubuntu•linux-azure-5.8
all
- ubuntu•linux-azure-6.2
all
- ubuntu•linux-azure-6.5
all
- ubuntu•linux-azure-edge
all
- ubuntu•linux-azure-fde
all
- ubuntu•linux-azure-fde-5.19
all
- ubuntu•linux-azure-fde-6.2
all
- ubuntu•linux-fips
< 4.4.0-1034.39 | < 4.15.0-1029.34
- ubuntu•linux-gcp
< 4.15.0-1061.65 | all
- ubuntu•linux-gcp-5.11
all
- ubuntu•linux-gcp-5.13
all
- ubuntu•linux-gcp-5.19
all
- ubuntu•linux-gcp-5.3
all
- ubuntu•linux-gcp-5.8
all
- ubuntu•linux-gcp-6.2
all
- ubuntu•linux-gcp-6.5
all
- ubuntu•linux-gke
all
- ubuntu•linux-gke-4.15
all
- ubuntu•linux-gke-5.15
all
- ubuntu•linux-gke-5.4
all
- ubuntu•linux-gkeop
all
- ubuntu•linux-gkeop-5.15
all
- ubuntu•linux-gkeop-5.4
all
- ubuntu•linux-hwe
< 4.15.0-99.100~16.04.1 | all
- ubuntu•linux-hwe-5.11
all
- ubuntu•linux-hwe-5.13
all
- ubuntu•linux-hwe-5.19
all
- ubuntu•linux-hwe-5.8
all
- ubuntu•linux-hwe-6.2
all
- ubuntu•linux-hwe-6.5
all
- ubuntu•linux-hwe-edge
all | all
- ubuntu•linux-intel-5.13
all
- ubuntu•linux-intel-iot-realtime
all
Showing first 50 affected entries in server-rendered view.
References (12)
- https://ubuntu.com/security/CVE-2020-36791
- https://www.cve.org/CVERecord?id=CVE-2020-36791
- https://git.kernel.org/linus/0d1c3530e1bd38382edef72591b78e877e0edcd3
- https://blog.cdthoughts.ch/2021/03/16/syzbot-bug.html
- https://git.kernel.org/stable/c/0d1c3530e1bd38382edef72591b78e877e0edcd3
- https://git.kernel.org/stable/c/557d015ffb27b672e24e6ad141fd887783871dc2
- https://git.kernel.org/stable/c/9f8b6c44be178c2498a00b270872a6e30e7c8266
- https://git.kernel.org/stable/c/bd3ee8fb6371b45c71c9345cc359b94da2ddefa9
- https://git.kernel.org/stable/c/c4453d2833671e3a9f6bd52f0f581056c3736386
- https://git.kernel.org/stable/c/d23faf32e577922b6da20bf3740625c1105381bf
- https://git.kernel.org/stable/c/d6cdc5bb19b595486fb2e6661e5138d73a57f454
- https://syzkaller.appspot.com/bug?id=ea260693da894e7b078d18fca2c9c0a19b457534