CVE-2020-8835

Description from NVD

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)

Information Acquisition Date: 2021-04-27T10:41Z
CVSS 2.0: 7.2 HIGH    CVSS 3.x: 7.8 HIGH

CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

NVD References

 N/A
     source:CONFIRM
     tags:Mailing List    Patch    Third Party Advisory    
 N/A
     source:CONFIRM
     tags:Patch    Vendor Advisory    
 N/A
     source:CONFIRM
     tags:Third Party Advisory    
 N/A
     source:CONFIRM
     tags:Patch    Vendor Advisory    
 N/A
     source:UBUNTU
     tags:Third Party Advisory    
 N/A
     source:CONFIRM
     tags:Patch    Vendor Advisory    
 USN-4313-1
     source:UBUNTU
     tags:Third Party Advisory    
 FEDORA-2020-4ef0bcc89c
     source:FEDORA
     tags:Mailing List    Third Party Advisory    
 FEDORA-2020-666f3b1ac3
     source:FEDORA
     tags:
 FEDORA-2020-73c00eda1c
     source:FEDORA
     tags:
 https://security.netapp.com/advisory/ntap-20200430-0004/
     source:CONFIRM
     tags:

Description from Forti

CVE-2020-8835 kernel: out-of-bounds read/write in the bpf verifier

Information Acquisition Date: 2020/05/01

Affected Products

Impact

Recommended Actions

References

Refer to Information on External Sites

CVE Information    Exploits or more Information
mitre    EXPLOIT DATABASE
NVD    0day.today
vulmon.com    github
CVE Details    Twitter
JVN ENG JPN
Reconshell

Software Tag: Linux (1 tweets)



List of frequently cited URLs

URL    Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...    244
https://twitter.com/thezdi/status/1250804352559779842    5
https://people.canonical.com/~ubuntu-security/cve/2020/CVE-...    5
http://vulmon.com/vulnerabilitydetails?qid=CVE-2020-8835    3
https://capsule8.com/blog/ebpfs-rollercoaster-of-pwn-an-ove...    3
https://www.thezdi.com/blog/2020/4/8/cve-2020-8835-linux-ke...    3
http://tweetedtimes.com/v/21798?s=tnp    3
https://www.openwall.com/lists/oss-security/2020/03/30/3    3
https://www.zerodayinitiative.com/blog/2020/4/8/cve-2020-88...    3

Information from Twitter

User    URL    Info Source    Date
threatintelctr    https://nvd.nist.gov/vuln/detail/CVE-2020-8835    Source threatintelctr 1519001673926160386    2022/04/27
LinInfoSec    https://www.openwall.com/lists/oss-security/2020/03/30/3    Source LinInfoSec 1519030288336183297    2022/04/27

GitHub Search Results: Up to 10
Name    URL
socketcall/CVE-2020-8835    https://github.com/socketcall/CVE-2020-8835
snappyJack/Rick_write_exp_CVE-2020-8835    https://github.com/snappyJack/Rick_write_exp_CVE-2020-8835
KashaMalaga/cve2020-8835    https://github.com/KashaMalaga/cve2020-8835
SplendidSky/CVE-2020-8835    https://github.com/SplendidSky/CVE-2020-8835
Prabhashaka/IT19147192-CVE-2020-8835    https://github.com/Prabhashaka/IT19147192-CVE-2020-8835

2022/04/27 Score : 2
Added Har-sia Database : 2020/03/31
Last Modified : 2022/04/27
Highest Scored Date : 2020/04/17
Highest Score : 34