VDB

CVE-2020-8835

CVE-2020-8835 PUBLISHED

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)

EPSS 23.27% · 96.1th percentile

Risk Scores

EPSS Score
23.27%
96.1th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSlinux-gcp-5.3*, 5.3.0-1014.15~18.04.1, 5.3.0-1012.13~18.04.1
Ubuntu:18.04:LTSlinux-azure-edge5.0.0-1012.12~18.04.2, *, 0
Ubuntu:18.04:LTSlinux-raspi2-5.35.3.0-1018.20~18.04.1, 5.3.0-1019.21~18.04.1, *
Ubuntu:18.04:LTSlinux-azure-5.30, 5.3.0-1013.14~18.04.1, 5.3.0-1012.13~18.04.1
Ubuntu:18.04:LTSlinux-oracle-5.30, 5.3.0-1011.12~18.04.1
Ubuntu:18.04:LTSlinux-gke-5.3*, *, 0
Ubuntu:18.04:LTSlinux-hwe*, 0, 4.18.0-13.14~18.04.1
Ubuntu:18.04:LTSlinux-gcp-edge5.0.0-1013.13~18.04.1, 5.0.0-1011.11~18.04.1, 4.18.0-1015.16~18.04.1
Ubuntu:20.04:LTSlinux-raspi25.3.0-1007.8, 5.3.0-1014.16, 5.3.0-1015.17
Ubuntu:18.04:LTSlinux-hwe-edge5.3.0-22.24~18.04.1, 5.3.0-23.25~18.04.2, 5.3.0-24.26~18.04.2

Exploit Intelligence

…and 51 more exploits

Timeline

  • Mar 30, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jul 21, 2021 EPSS Score
  • Sep 1, 2021 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Feb 13, 2025 PoC Published
  • Mar 17, 2025 EPSS Score
  • Mar 19, 2025 EPSS Score
  • Mar 20, 2025 EPSS Score
  • Mar 27, 2025 EPSS Score
  • Mar 28, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›