CVE-2020-36791
📋 TL;DR
This CVE describes an out-of-bounds memory access vulnerability in the Linux kernel's net_sched subsystem. The flaw occurs when the alloc_hash variable isn't properly updated after hash allocation, potentially allowing attackers to read or write beyond allocated memory boundaries. This affects Linux systems using the affected kernel versions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, potential privilege escalation to root, or arbitrary code execution in kernel context.
Likely Case
System instability, crashes, or denial of service affecting network traffic classification functionality.
If Mitigated
Limited impact if exploit attempts are blocked by kernel hardening features or if the vulnerable code path isn't triggered.
🎯 Exploit Status
Exploitation requires ability to manipulate network traffic classification rules and trigger the specific code path. No public exploit code identified in references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with fixes (see git.kernel.org references)
Vendor Advisory: https://git.kernel.org/stable/c/0d1c3530e1bd38382edef72591b78e877e0edcd3
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable tcindex classifier
linuxRemove or disable tcindex traffic classifier if not required
# Check if tcindex is in use
tc filter show
# Remove tcindex rules if present
tc filter del dev <interface> parent <handle>
🧯 If You Can't Patch
- Implement strict network traffic filtering to prevent unauthorized manipulation of tc rules
- Enable kernel hardening features like KASLR and restrict user access to network configuration tools
🔍 How to Verify
Check if Vulnerable:
Check kernel version against your distribution's security advisories. Vulnerable if using unpatched kernel with tcindex classifier enabled.Check Version:
uname -rVerify Fix Applied:
Verify kernel version matches patched version from vendor advisory and check that tc filter commands work without crashes.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- OOM killer activity related to network subsystem
- System crashes during network configuration changes
Network Indicators:
- Unexpected network classification rule changes
- Abnormal tc command usage patterns
SIEM Query:
Search for kernel logs containing 'panic', 'Oops', or 'BUG' messages related to net_sched or tcindex🔗 References
- https://blog.cdthoughts.ch/2021/03/16/syzbot-bug.html
- https://git.kernel.org/stable/c/0d1c3530e1bd38382edef72591b78e877e0edcd3
- https://git.kernel.org/stable/c/557d015ffb27b672e24e6ad141fd887783871dc2
- https://git.kernel.org/stable/c/9f8b6c44be178c2498a00b270872a6e30e7c8266
- https://git.kernel.org/stable/c/bd3ee8fb6371b45c71c9345cc359b94da2ddefa9
- https://git.kernel.org/stable/c/c4453d2833671e3a9f6bd52f0f581056c3736386
- https://git.kernel.org/stable/c/d23faf32e577922b6da20bf3740625c1105381bf
- https://git.kernel.org/stable/c/d6cdc5bb19b595486fb2e6661e5138d73a57f454
- https://syzkaller.appspot.com/bug?id=ea260693da894e7b078d18fca2c9c0a19b457534
