CVE-2020-8835

Published: 02/04/2020 Updated: 07/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 644
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)

Vulnerable Products

linux linux kernel

fedoraproject fedora 30

fedoraproject fedora 31

fedoraproject fedora 32

canonical ubuntu linux 18.04

canonical ubuntu linux 19.10

netapp cloud backup -

netapp steelstore cloud integrated storage -

netapp solidfire -

netapp hci management node -

netapp a700s_firmware -

netapp 8300_firmware -

netapp 8700_firmware -

netapp a400_firmware -

netapp a320_firmware -

netapp c190_firmware -

netapp a220_firmware -

netapp fas2720_firmware -

netapp fas2750_firmware -

netapp a800_firmware -

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h300e_firmware -

netapp h500e_firmware -

netapp h700e_firmware -

netapp h410s_firmware -

netapp h610c_firmware -

netapp h610s_firmware -

netapp h615c_firmware -

Vendor Advisories

An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier, where an incorrect register bounds calculation occurs while checking 32-bit instructions in an eBPF program. This flaw allows an unprivileged user or process to execute eBPF programs to crash the kernel, resulting in a denial of service or poten ...

Exploits

Linux kernels from 5.7-rc1 prior to 5.13-rc4, 5.12.4, 5.11.21, and 5.10.37 are vulnerable to a bug in the eBPF verifier's verification of ALU32 operations in the scalar32_min_max_and function when performing AND operations, whereby under certain conditions the bounds of a 32-bit register would not be properly updated. This can be abused by an attacker ...
Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel ...

Mailing Lists

oss-sec mailing list archives: CVE-2020-8835: Linux kernel bpf incorrect verifier vulnerability. From: ...

Github Repositories

INF8602-CVE-2020-8835: Testing the kernel exploit. Testing without Docker: cd /app; npm i; node server.js. Testing with Docker (to test defensive capability): # Make sure to be in the same directory as the Dockerfile. # Build the Docker image: docker build -t inf8602/node-web-app . # Your docker image should be listed by Docker: docker images #

CVE              type
CVE-2020-14386   linux Network
CVE-2020-27194   linux eBPF
CVE-2020-8835    linux eBPF

my exp for CVE-2020-27194, tested on linux kernel 5.8.14.

CVE-2020-27194: my exp for CVE-2020-27194, tested on linux kernel 5.8.14. More details: ama2in9.top/2020/12/14/CVE-2020-27194/. Reference: CVE-2020-8835 pwn2own 2020 eBPF privilege escalation vulnerability analysis; CVE-2020-8835 pwn2own 2020 eBPF privilege escalation via arbitrary read/write analysis.

fuzz the linux kernel bpf verifier

INTRODUCTION: The idea comes from scannell's blog, Fuzzing for eBPF JIT bugs in the Linux kernel. It contains three parts: qemu fuzzlib, an eBPF sample generator, and an exception handler in the linux kernel. QEMU FUZZLIB: This module is mainly used to test the linux kernel. It uses the modified syzkaller script to generate a debian buster image file and all other necessary files. The mo

Presentations-Blogs-Papers-Tutorials-Books: This is a place to share the presentations, blog posts, papers, tutorials, books etc. I have watched / planned to watch, mainly related to hacking, coding & learning. Course list: Course | Learning point | Status. High-Level Approaches for Finding Vulnerabilities | bug hunting methodology | Not started. What Makes Software Exploita

Solution for EBPF challenge in Google CTF 2021

Exploit for EBPF challenge in Google CTF 2021 qualifications. Compile with gcc -static -Os -s ./exploit.c -o exploit. Based on github.com/ret2hell/CVE-2020-8835
