CVE-2020-8835
📋 TL;DR
This vulnerability in the Linux kernel's BPF verifier allows attackers to bypass memory bounds checks for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. It affects Linux kernel versions 5.5.0+ and 5.4.7+, and was introduced via a backported commit. It could allow local privilege escalation or kernel memory corruption.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Fedora by Fedoraproject
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Solidfire by Netapp
Steelstore Cloud Integrated Storage by Netapp
Ubuntu Linux by Canonical
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to root, kernel memory corruption leading to system crash, or potential remote code execution if combined with other vulnerabilities.
Likely Case
Local privilege escalation allowing unprivileged users to gain root access on affected systems.
If Mitigated
Limited impact if proper access controls restrict local user accounts and BPF functionality is disabled.
🎯 Exploit Status
Exploitation requires local access and understanding of BPF internals. Proof-of-concept code has been published in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.6.1, 5.5.14, 5.4.29
Vendor Advisory: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef
Restart Required: Yes
Instructions:
1. Update kernel to patched version via distribution package manager.
2. For RHEL/CentOS: yum update kernel.
3. For Ubuntu/Debian: apt update && apt upgrade linux-image-generic.
4. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable unprivileged BPF
Prevents unprivileged users from using BPF, which mitigates the vulnerability
sysctl -w kernel.unprivileged_bpf_disabled=1
echo 'kernel.unprivileged_bpf_disabled = 1' >> /etc/sysctl.conf
sysctl -p
🧯 If You Can't Patch
- Implement strict access controls to limit local user accounts
- Disable BPF functionality via kernel boot parameter: 'bpf_jit_enable=0' and 'kernel.unprivileged_bpf_disabled=1'
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r. If the version is in the range 5.4.7-5.4.28 or 5.5.0-5.5.13, or is exactly 5.6.0, the system is vulnerable.
Check Version:
uname -r
Verify Fix Applied:
After patching, verify kernel version is 5.4.29+, 5.5.14+, or 5.6.1+. Check with: uname -r
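The version check and the workaround check above can be scripted for use across a fleet. The following is an added example, not code from the kernel project or any vendor advisory; the function names classify_kernel and unpriv_bpf_blocked are hypothetical, and the ranges are the ones listed on this page.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the upstream
# ranges this page lists for CVE-2020-8835. Distro kernels can carry the
# fix under an older version string, so confirm against the vendor advisory.

# classify_kernel RELEASE -> prints vulnerable | not-in-range | unparsed
classify_kernel() {
    base=${1%%-*}                   # drop "-42-generic", "-200.fc31.x86_64"
    major=$(printf '%s\n' "$base" | cut -s -d. -f1)
    minor=$(printf '%s\n' "$base" | cut -s -d. -f2)
    patch=$(printf '%s\n' "$base" | cut -s -d. -f3)
    minor=${minor%%[!0-9]*}         # "6+" -> "6"
    patch=${patch%%[!0-9]*}         # "28+" -> "28"
    patch=${patch:-0}               # "5.6" is treated as 5.6.0
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) echo unparsed; return 0 ;; esac
    done
    verdict=not-in-range
    case "$major.$minor" in
        5.4) if [ "$patch" -ge 7 ] && [ "$patch" -le 28 ]; then
                 verdict=vulnerable
             fi ;;
        5.5) if [ "$patch" -le 13 ]; then verdict=vulnerable; fi ;;
        5.6) if [ "$patch" -eq 0 ]; then verdict=vulnerable; fi ;;
    esac
    echo "$verdict"
}

# unpriv_bpf_blocked [FILE] -> exit status 0 when the workaround sysctl is
# set to a non-zero value. FILE defaults to the live procfs entry.
unpriv_bpf_blocked() {
    f=${1:-/proc/sys/kernel/unprivileged_bpf_disabled}
    [ -r "$f" ] && [ "$(cat "$f")" != 0 ]
}

# Report for the running host.
rel=$(uname -r)
state=$(classify_kernel "$rel")
if unpriv_bpf_blocked; then bpf=blocked; else bpf=allowed-or-unknown; fi
echo "kernel $rel: $state; unprivileged BPF: $bpf"
```

A host that reports "vulnerable" together with "allowed-or-unknown" is the one to patch or apply the workaround to first.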
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- BPF verifier error messages in dmesg
- Unexpected privilege escalation events
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
source="kernel" AND ("BPF" OR "verifier" OR "bounds check") AND severity=HIGH
🔗 References
- http://www.openwall.com/lists/oss-security/2021/07/20/1
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7OONYGMSYBEFHLHZJK3GOI5Z553G4LD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF4PQZBEPNXDSK5DOBMW54OCLP25FTCD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBWSHZ6DJIZVXKXGZPK6QPFCY7VKZEG/
- https://lore.kernel.org/bpf/20200330160324.15259-1-daniel%40iogearbox.net/T/
- https://security.netapp.com/advisory/ntap-20200430-0004/
- https://usn.ubuntu.com/4313-1/
- https://usn.ubuntu.com/usn/usn-4313-1
- https://www.openwall.com/lists/oss-security/2020/03/30/3
- https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results