CVE-2020-8835 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Privilege escalation
Description	An out-of-bounds access flaw was found in the Linux kernel’s implementation of the eBPF code verifier, where an incorrect register bounds calculation while checking 32-bit instructions in an eBPF program occurs. This flaw allows an unprivileged user or process to execute eBPF programs to crash the kernel, resulting in a denial of service or potentially gaining root privileges on the system.

Group	Package	Affected	Fixed	Severity	Status
AVG-1122	linux	5.5.13.arch1-1	5.5.13.arch2-1	High	Fixed
AVG-1121	linux-lts	5.4.28-1	5.4.28-2	High	Fixed
AVG-1120	linux-hardened	5.5.13.a-1	5.5.13.b-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
01 Apr 2020	ASA-202004-4	AVG-1122	linux	High	privilege escalation
01 Apr 2020	ASA-202004-3	AVG-1121	linux-lts	High	privilege escalation
01 Apr 2020	ASA-202004-2	AVG-1120	linux-hardened	High	privilege escalation

References
https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results https://lore.kernel.org/bpf/20200330160324.15259-1-daniel@iogearbox.net/T/ https://www.openwall.com/lists/oss-security/2020/03/30/3

Notes
Workaround: # sysctl -w kernel.unprivileged_bpf_disabled=1 Introduced by: 581738a681b6 ("bpf: Provide better register bounds after jmp32 instructions") https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=581738a681b6faae5725c2555439189ca81c0f1f

Notes

Workaround:
# sysctl -w kernel.unprivileged_bpf_disabled=1

Introduced by:
581738a681b6 ("bpf: Provide better register bounds after jmp32 instructions")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=581738a681b6faae5725c2555439189ca81c0f1f