CVE-2020-36791

Summary

In the Linux kernel, the following vulnerability has been resolved:

net_sched: keep alloc_hash updated after hash allocation

In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I moved cp->hash calculation before the first tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched. This difference could lead to another out of bound access.

cp->alloc_hash should always be the size allocated, we should update it after this tcindex_alloc_perfect_hash().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux73c29d2f6f8ae731b1e09051b69ed3ba2319482b < d6cdc5bb19b595486fb2e6661e5138d73a57f454affected
LinuxLinuxb974ac51f5834a729de252fc5c1c9de9efd79b45 < c4453d2833671e3a9f6bd52f0f581056c3736386affected
LinuxLinux6cb448ee493c8a514c9afa0c346f3f5b3227de85 < 9f8b6c44be178c2498a00b270872a6e30e7c8266affected
LinuxLinux478c4b2ffd44e5186c7e22ae7c38a86a5b9cfde5 < 557d015ffb27b672e24e6ad141fd887783871dc2affected
LinuxLinuxdd8142a6fa5270783d415292ec8169f4ea2a5468 < d23faf32e577922b6da20bf3740625c1105381bfaffected
LinuxLinux2c66ff8d08f81bcf8e8cb22e31e39c051b15336a < bd3ee8fb6371b45c71c9345cc359b94da2ddefa9affected
LinuxLinux599be01ee567b61f4471ee8078870847d0a11e8e < 0d1c3530e1bd38382edef72591b78e877e0edcd3affected
LinuxLinux4.4.214 < 4.4.218affected
LinuxLinux4.9.214 < 4.9.218affected
LinuxLinux4.14.171 < 4.14.175affected
LinuxLinux4.19.103 < 4.19.114affected
LinuxLinux5.4.19 < 5.4.29affected
LinuxLinux5.5.3 < 5.5.14affected

Weaknesses

References