CVE-2020-36791

net_sched: keep alloc_hash updated after hash allocation

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex")
I moved cp->hash calculation before the first
tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched.
This difference could lead to another out of bound access. cp->alloc_hash should always be the size allocated, we should
update it after this tcindex_alloc_perfect_hash().

In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I moved cp->hash calculation before the first tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched. This difference could lead to another out of bound access. cp->alloc_hash should always be the size allocated, we should update it after this tcindex_alloc_perfect_hash().

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-02-26 CVE Reserved
2025-05-07 CVE Published
2025-05-07 CVE Updated
2025-05-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (15)

URL	Tag	Source
https://git.kernel.org/stable/c/73c29d2f6f8ae731b1e09051b69ed3ba2319482b	Vuln. Introduced
https://git.kernel.org/stable/c/b974ac51f5834a729de252fc5c1c9de9efd79b45	Vuln. Introduced
https://git.kernel.org/stable/c/6cb448ee493c8a514c9afa0c346f3f5b3227de85	Vuln. Introduced
https://git.kernel.org/stable/c/478c4b2ffd44e5186c7e22ae7c38a86a5b9cfde5	Vuln. Introduced
https://git.kernel.org/stable/c/dd8142a6fa5270783d415292ec8169f4ea2a5468	Vuln. Introduced
https://git.kernel.org/stable/c/2c66ff8d08f81bcf8e8cb22e31e39c051b15336a	Vuln. Introduced
https://syzkaller.appspot.com/bug?id=ea260693da894e7b078d18fca2c9c0a19b457534
https://blog.cdthoughts.ch/2021/03/16/syzbot-bug.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/d6cdc5bb19b595486fb2e6661e5138d73a57f454	2020-04-02
https://git.kernel.org/stable/c/c4453d2833671e3a9f6bd52f0f581056c3736386	2020-04-02
https://git.kernel.org/stable/c/9f8b6c44be178c2498a00b270872a6e30e7c8266	2020-04-02
https://git.kernel.org/stable/c/557d015ffb27b672e24e6ad141fd887783871dc2	2020-04-02
https://git.kernel.org/stable/c/d23faf32e577922b6da20bf3740625c1105381bf	2020-04-01
https://git.kernel.org/stable/c/bd3ee8fb6371b45c71c9345cc359b94da2ddefa9	2020-04-01
https://git.kernel.org/stable/c/0d1c3530e1bd38382edef72591b78e877e0edcd3	2020-03-15

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4.214 < 4.4.218 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4.214 < 4.4.218"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9.214 < 4.9.218 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9.214 < 4.9.218"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14.171 < 4.14.175 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14.171 < 4.14.175"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.103 < 4.19.114 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.103 < 4.19.114"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.19 < 5.4.29 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.19 < 5.4.29"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5.3 < 5.5.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5.3 < 5.5.14"		en		Affected