CVE-2020-8835

Published: 02/04/2020 Updated: 30/04/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The Linux kernel could allow a local authenticated malicious user to execute arbitrary code on the system, caused by a flaw in the BPF verifier for 32-bit operations. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Vendor Advisories

Arch Linux Security Advisory ASA-202003-15 | Severity: High | Date: 2020-03-31 | CVE-ID: CVE-2020-8835 | Package: linux | Type: privilege escalation | Remote: No | Link: security.archlinux.org/AVG-1122 | Summary: The package linux before version 5.5.13.arch2-1 is vulnerable to privilege ...
Arch Linux Security Advisory ASA-202004-2 | Severity: High | Date: 2020-04-01 | CVE-ID: CVE-2020-8835 | Package: linux-hardened | Type: privilege escalation | Remote: No | Link: security.archlinux.org/AVG-1120 | Summary: The package linux-hardened before version 5.5.13.b-1 is vulnerable t ...
Arch Linux Security Advisory ASA-202004-3 | Severity: High | Date: 2020-04-01 | CVE-ID: CVE-2020-8835 | Package: linux-lts | Type: privilege escalation | Remote: No | Link: security.archlinux.org/AVG-1121 | Summary: The package linux-lts before version 5.4.28-2 is vulnerable to privilege ...
Arch Linux Security Advisory ASA-202004-4 | Severity: High | Date: 2020-04-01 | CVE-ID: CVE-2020-8835 | Package: linux | Type: privilege escalation | Remote: No | Link: security.archlinux.org/AVG-1122 | Summary: The package linux before version 5.5.13.arch2-1 is vulnerable to privilege es ...
Arch Linux Security Advisory ASA-202003-14 | Severity: High | Date: 2020-03-31 | CVE-ID: CVE-2020-8835 | Package: linux-hardened | Type: privilege escalation | Remote: No | Link: security.archlinux.org/AVG-1120 | Summary: The package linux-hardened before version 5.5.13.b-1 is vulnerable ...
Arch Linux Security Advisory ASA-202003-16 | Severity: High | Date: 2020-03-31 | CVE-ID: CVE-2020-8835 | Package: linux-lts | Type: privilege escalation | Remote: No | Link: security.archlinux.org/AVG-1121 | Summary: The package linux-lts before version 5.4.28-2 is vulnerable to privileg ...
An out-of-bounds access flaw was found in the Linux kernel’s implementation of the eBPF code verifier, where an incorrect register bounds calculation while checking 32-bit instructions in an eBPF program occurs. This flaw allows an unprivileged user or process to execute eBPF programs to crash the kernel, resulting in a denial of service or poten ...

Mailing Lists

[re-sending, apologies if a prior version makes it to the list] Manfred Paul, as part of the ZDI pwn2own competition, demonstrated that a flaw existed in the bpf verifier for 32bit operations. This was introduced in commit: 581738a681b6 ("bpf: Provide better register bounds after jmp32 instructions"). The result is that register bounds were im ...

Github Repositories

Rick_write_exp_CVE-2020-8835

CVE-2020-8835

Linux kernel EoP exp

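linux-kernel-exploits. Introduction: Building on the GitHub project github.com/SecWiki/linux-kernel-exploits, this repository adds privilege-escalation exploits from recent years; the information collected on each vulnerability is in the Readme.md of the corresponding vulnerability folder. During red-team engagements, the script github.com/mzet-/linux-exploit-suggester/blob/master/linux-exploit-suggester.sh can be used to assess which privilege ...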

Linux Kernel Exploitation. Pull requests are welcome. Books: 2014: "Android Hacker's Handbook" by Joshua J. Drake; 2012: "A Guide to Kernel Exploitation: Attacking the Core" by Enrico Perla and Massimiliano Oldani. Workshops: 2020: "Android Kernel Exploitation" by Ashfaq Ansari [workshop]. Exploitation Techniques: 2020: "Structures that can be u

PoC in GitHub. 2020. CVE-2020-0014: It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1286745

PoC auto collect from GitHub.

PoC in GitHub. 2020. CVE-2020-0022: In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Andr

Recent Articles

Tor Project loses a third of staff in coronavirus cuts: Unlucky 13 out as nonprofit hacks back to core ops
The Register • Shaun Nichols in San Francisco • 20 Apr 2020

Also, Zoom assembles security dream team to fix its ongoing woes

This week in The Reg's security roundup of the notable bits beyond what we've already covered, the Tor Project has cut back to its core team, Zoom has called in the big security guns, US tech firms are taking on its Congress – and more.
First off, it has been a bad weekend for 13 staffers at the nonprofit Tor Project after they were let go as the team was reduced to core operations only.
"Like many other nonprofits and small businesses, the crisis has hit us hard, and we have had t...