CVE-2020-36791
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-36791
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36791.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-36791
- Related
- Published
- 2025-05-07T14:15:28Z
- Modified
- 2025-05-08T14:39:18Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
netsched: keep allochash updated after hash allocation
In commit 599be01ee567 ("netsched: fix an OOB access in clstcindex") I moved cp->hash calculation before the first tcindexallocperfecthash(), but cp->allochash is left untouched. This difference could lead to another out of bound access.
cp->allochash should always be the size allocated, we should update it after this tcindexallocperfecthash().
- References
-
- https://blog.cdthoughts.ch/2021/03/16/syzbot-bug.html
- https://git.kernel.org/stable/c/0d1c3530e1bd38382edef72591b78e877e0edcd3
- https://git.kernel.org/stable/c/557d015ffb27b672e24e6ad141fd887783871dc2
- https://git.kernel.org/stable/c/9f8b6c44be178c2498a00b270872a6e30e7c8266
- https://git.kernel.org/stable/c/bd3ee8fb6371b45c71c9345cc359b94da2ddefa9
- https://git.kernel.org/stable/c/c4453d2833671e3a9f6bd52f0f581056c3736386
- https://git.kernel.org/stable/c/d23faf32e577922b6da20bf3740625c1105381bf
- https://git.kernel.org/stable/c/d6cdc5bb19b595486fb2e6661e5138d73a57f454
- https://syzkaller.appspot.com/bug?id=ea260693da894e7b078d18fca2c9c0a19b457534
- https://security-tracker.debian.org/tracker/CVE-2020-36791
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source