CVE-2020-36791

HIGH EPSS 4.8%
Published May 7, 20251y ago · Modified Jun 17, 20261w ago
7.1 CVSS 3.1
High
Find Similar
Published May 7, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I moved cp->hash calculation before the first tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched. This difference could lead to another out of bound access. cp->alloc_hash should always be the size allocated, we should update it after this tcindex_alloc_perfect_hash().

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 13

VendorProductVersionRange
linuxlinux_kernel*≥4.4.214  –  <4.4.218
linuxlinux_kernel*≥4.9.214  –  <4.9.218
linuxlinux_kernel*≥4.14.171  –  <4.14.175
linuxlinux_kernel*≥4.19.103  –  <4.19.114
linuxlinux_kernel*≥5.4.19  –  <5.4.29
linuxlinux_kernel*≥5.5.3  –  <5.5.14
linuxlinux_kernel5.6any
linuxlinux_kernel5.6any
linuxlinux_kernel5.6any
linuxlinux_kernel5.6any
linuxlinux_kernel5.6any
linuxlinux_kernel5.6any
linuxlinux_kernel5.6any

References 9

  • blog.cdthoughts.ch https://blog.cdthoughts.ch/2021/03/16/syzbot-bug.html
    Third Party Advisory
  • git.kernel.org https://git.kernel.org/stable/c/0d1c3530e1bd38382edef72591b78e877e0edcd3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/557d015ffb27b672e24e6ad141fd887783871dc2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9f8b6c44be178c2498a00b270872a6e30e7c8266
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bd3ee8fb6371b45c71c9345cc359b94da2ddefa9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4453d2833671e3a9f6bd52f0f581056c3736386
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d23faf32e577922b6da20bf3740625c1105381bf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d6cdc5bb19b595486fb2e6661e5138d73a57f454
    Patch
  • syzkaller.appspot.com https://syzkaller.appspot.com/bug?id=ea260693da894e7b078d18fca2c9c0a19b457534
    Issue Tracking

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0d1c3530e1bd38382edef72591b78e877e0edcd3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/557d015ffb27b672e24e6ad141fd887783871dc2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9f8b6c44be178c2498a00b270872a6e30e7c8266
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bd3ee8fb6371b45c71c9345cc359b94da2ddefa9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4453d2833671e3a9f6bd52f0f581056c3736386
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d23faf32e577922b6da20bf3740625c1105381bf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d6cdc5bb19b595486fb2e6661e5138d73a57f454
    Patch