Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-36791

Опубликовано: 07 мая 2025
Источник: nvd
CVSS3: 7.1
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

net_sched: keep alloc_hash updated after hash allocation

In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I moved cp->hash calculation before the first tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched. This difference could lead to another out of bound access.

cp->alloc_hash should always be the size allocated, we should update it after this tcindex_alloc_perfect_hash().

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 4.4.214 (включая) до 4.4.218 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 4.9.214 (включая) до 4.9.218 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 4.14.171 (включая) до 4.14.175 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 4.19.103 (включая) до 4.19.114 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.4.19 (включая) до 5.4.29 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.5.3 (включая) до 5.5.14 (исключая)
cpe:2.3:o:linux:linux_kernel:5.6:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.6:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.6:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.6:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.6:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.6:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.6:rc7:*:*:*:*:*:*

EPSS

Процентиль: 5%
0.00023
Низкий

7.1 High

CVSS3

Дефекты

CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2020-36791

CVSS3: 7.1
ubuntu
9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I moved cp->hash calculation before the first tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched. This difference could lead to another out of bound access. cp->alloc_hash should always be the size allocated, we should update it after this tcindex_alloc_perfect_hash().

redhat логотип

CVE-2020-36791

CVSS3: 5.5
redhat
9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I moved cp->hash calculation before the first tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched. This difference could lead to another out of bound access. cp->alloc_hash should always be the size allocated, we should update it after this tcindex_alloc_perfect_hash().

debian логотип

CVE-2020-36791

CVSS3: 7.1
debian
9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: n ...

github логотип

GHSA-5pxm-fr3g-jf32

CVSS3: 7.1
github
9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I moved cp->hash calculation before the first tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched. This difference could lead to another out of bound access. cp->alloc_hash should always be the size allocated, we should update it after this tcindex_alloc_perfect_hash().

suse-cvrf логотип

SUSE-SU-2025:01982-1

suse-cvrf
8 месяцев назад

Security update for the Linux Kernel

EPSS

Процентиль: 5%
0.00023
Низкий

7.1 High

CVSS3

Дефекты

CWE-125