Message-ID: <2025050736-CVE-2020-36791-4c86@gregkh>
Date: Wed,  7 May 2025 15:17:37 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2020-36791: net_sched: keep alloc_hash updated after hash allocation

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

net_sched: keep alloc_hash updated after hash allocation

In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex")
I moved cp->hash calculation before the first
tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched.
This difference could lead to another out of bound access.

cp->alloc_hash should always be the size allocated, we should
update it after this tcindex_alloc_perfect_hash().

The Linux kernel CVE team has assigned CVE-2020-36791 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.4.214 with commit 73c29d2f6f8ae731b1e09051b69ed3ba2319482b and fixed in 4.4.218 with commit d6cdc5bb19b595486fb2e6661e5138d73a57f454
	Issue introduced in 4.9.214 with commit b974ac51f5834a729de252fc5c1c9de9efd79b45 and fixed in 4.9.218 with commit c4453d2833671e3a9f6bd52f0f581056c3736386
	Issue introduced in 4.14.171 with commit 6cb448ee493c8a514c9afa0c346f3f5b3227de85 and fixed in 4.14.175 with commit 9f8b6c44be178c2498a00b270872a6e30e7c8266
	Issue introduced in 4.19.103 with commit 478c4b2ffd44e5186c7e22ae7c38a86a5b9cfde5 and fixed in 4.19.114 with commit 557d015ffb27b672e24e6ad141fd887783871dc2
	Issue introduced in 5.4.19 with commit dd8142a6fa5270783d415292ec8169f4ea2a5468 and fixed in 5.4.29 with commit d23faf32e577922b6da20bf3740625c1105381bf
	Issue introduced in 5.5.3 with commit 2c66ff8d08f81bcf8e8cb22e31e39c051b15336a and fixed in 5.5.14 with commit bd3ee8fb6371b45c71c9345cc359b94da2ddefa9

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2020-36791
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	net/sched/cls_tcindex.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/d6cdc5bb19b595486fb2e6661e5138d73a57f454
	https://git.kernel.org/stable/c/c4453d2833671e3a9f6bd52f0f581056c3736386
	https://git.kernel.org/stable/c/9f8b6c44be178c2498a00b270872a6e30e7c8266
	https://git.kernel.org/stable/c/557d015ffb27b672e24e6ad141fd887783871dc2
	https://git.kernel.org/stable/c/d23faf32e577922b6da20bf3740625c1105381bf
	https://git.kernel.org/stable/c/bd3ee8fb6371b45c71c9345cc359b94da2ddefa9
	https://git.kernel.org/stable/c/0d1c3530e1bd38382edef72591b78e877e0edcd3
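
A first-pass triage check built from the "Affected and fixed versions" table above, as an added example that is not part of the original announcement or of the kernel project. The function names and the sample release strings are assumptions made for illustration; the version ranges are copied from the table.

```python
import re

# Per-branch ranges copied from "Affected and fixed versions" above:
# (major, minor) -> (patch level that introduced the issue, patch level with the fix)
AFFECTED = {
    (4, 4): (214, 218),
    (4, 9): (214, 218),
    (4, 14): (171, 175),
    (4, 19): (103, 114),
    (5, 4): (19, 29),
    (5, 5): (3, 14),
}


def parse_release(release):
    """Extract (major, minor, patch) from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(release):
    """Classify an upstream stable version against the announced ranges.

    Assumption: the string carries the upstream stable version. Distribution
    kernels may backport the fix without changing that number, so "affected"
    means "check the vendor changelog", not a confirmed finding.
    """
    major, minor, patch = parse_release(release)
    bounds = AFFECTED.get((major, minor))
    if bounds is None:
        return "not-listed"           # branch does not appear in the table
    introduced, fixed = bounds
    if patch < introduced:
        return "before-introduction"  # older than the commit that introduced it
    if patch < fixed:
        return "affected"
    return "fixed"


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the announcement.
    for rel in ["5.4.23-generic", "5.4.29", "4.19.102", "4.14.174-lts", "6.1.0-13-amd64"]:
        print(f"{rel:20} {classify(rel)}")
```

Branches outside the table return "not-listed" and need to be checked against the CVE record linked above.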
