7.1

CVE-2020-36791

net_sched: keep alloc_hash updated after hash allocation

In the Linux kernel, the following vulnerability has been resolved:

net_sched: keep alloc_hash updated after hash allocation

In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex")
I moved cp->hash calculation before the first
tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched.
This difference could lead to another out of bound access.

cp->alloc_hash should always be the size allocated, we should
update it after this tcindex_alloc_perfect_hash().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.4.214 < 4.4.218
LinuxLinux Kernel Version >= 4.9.214 < 4.9.218
LinuxLinux Kernel Version >= 4.14.171 < 4.14.175
LinuxLinux Kernel Version >= 4.19.103 < 4.19.114
LinuxLinux Kernel Version >= 5.4.19 < 5.4.29
LinuxLinux Kernel Version >= 5.5.3 < 5.5.14
LinuxLinux Kernel Version5.6 Updaterc1
LinuxLinux Kernel Version5.6 Updaterc2
LinuxLinux Kernel Version5.6 Updaterc3
LinuxLinux Kernel Version5.6 Updaterc4
LinuxLinux Kernel Version5.6 Updaterc5
LinuxLinux Kernel Version5.6 Updaterc6
LinuxLinux Kernel Version5.6 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.054
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/d6cdc5bb19b595486fb2e6661e5138d73a57f454
Patch
https://git.kernel.org/stable/c/c4453d2833671e3a9f6bd52f0f581056c3736386
Patch
https://git.kernel.org/stable/c/9f8b6c44be178c2498a00b270872a6e30e7c8266
Patch
https://git.kernel.org/stable/c/557d015ffb27b672e24e6ad141fd887783871dc2
Patch
https://git.kernel.org/stable/c/d23faf32e577922b6da20bf3740625c1105381bf
Patch
https://git.kernel.org/stable/c/bd3ee8fb6371b45c71c9345cc359b94da2ddefa9
Patch
https://git.kernel.org/stable/c/0d1c3530e1bd38382edef72591b78e877e0edcd3
Patch
https://blog.cdthoughts.ch/2021/03/16/syzbot-bug.html
Third Party Advisory
https://syzkaller.appspot.com/bug?id=ea260693da894e7b078d18fca2c9c0a19b457534
Issue Tracking