CVE-2020-8835 - OpenCVE

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Netapp	H700s Fas2750 Firmware Steelstore Cloud Integrated Storage A700s Firmware Fas2720 Firmware H700e H500s H410s Firmware Hci Management Node H300e Firmware H500s Firmware H300s Firmware C190 Firmware 8300 Firmware H700s Firmware A700s H610s Firmware 8700 Cloud Backup H610s 8700 Firmware Solidfire C190 A800 Firmware H610c Firmware H615c Firmware A320 Firmware H610c H500e A800 A400 H700e Firmware A320 H300s H300e H615c H500e Firmware A220 Firmware H410s A220 Fas2720 A400 Firmware 8300 Fas2750
Canonical	Ubuntu Linux
Fedoraproject	Fedora
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:30:::::::*
	cpe:2.3:o:fedoraproject:fedora:31:::::::*
	cpe:2.3:o:fedoraproject:fedora:32:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:hci_management_node:-:::::::*
	cpe:2.3:a:netapp:solidfire:-:::::::*
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*

Configuration 5 [-]

AND

cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2021/07/20/1	Exploit Mailing List Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef	Patch Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef	Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7OONYGMSYBEFHLHZJK3GOI5Z553G4LD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF4PQZBEPNXDSK5DOBMW54OCLP25FTCD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBWSHZ6DJIZVXKXGZPK6QPFCY7VKZEG/
https://lore.kernel.org/bpf/20200330160324.15259-1-daniel%40iogearbox.net/T/
https://security.netapp.com/advisory/ntap-20200430-0004/	Third Party Advisory
https://usn.ubuntu.com/4313-1/	Third Party Advisory
https://usn.ubuntu.com/usn/usn-4313-1	Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/03/30/3	Mailing List Patch Third Party Advisory
https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results	Third Party Advisory