CVE-2020-8835: Linux Kernel Information Disclosure & Privilege Escalation Vulnerability Alert

The vulnerability that security researcher Manfred Paul used to demonstrate a Linux kernel privilege escalation at the Pwn2Own competition has been assigned CVE-2020-8835. “He leveraged an improper input validation bug in the kernel to go from a standard user to root. His first foray into the world of Pwn2Own earned him $30,000 and 3 points towards Master of Pwn.” The flaw is in the Linux kernel's BPF verifier, which fails to correctly calculate register bounds for certain operations. A local attacker can exploit it to read confidential information (kernel memory) or to elevate to administrative privileges.

Affected version

  • Linux Kernel 5.4
  • Linux Kernel 5.5

Solution

  • Affected users can fix this vulnerability by upgrading the Linux kernel.
  • For more information on Ubuntu distributions, please see here.

Temporary protective measures

If affected users cannot update the Linux kernel right away, they can apply the mitigation provided by the developers, which restricts ordinary users by modifying a kernel parameter.

Ubuntu 

Mitigation for this vulnerability is available by setting the
kernel.unprivileged_bpf_disabled sysctl to 1:

$ sudo sysctl kernel.unprivileged_bpf_disabled=1

$ echo kernel.unprivileged_bpf_disabled=1 | sudo tee /etc/sysctl.d/90-CVE-2020-8835.conf

Red Hat

# sysctl -w kernel.unprivileged_bpf_disabled=1
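
To confirm the mitigation is in place and will survive a reboot, the following read-only check is an added example, not part of the original advisory. The function names, verdict words and the list of sysctl.d directories are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): read-only audit of the mitigation.

# Succeeds if a `uname -r` string is in the 5.4 or 5.5 series listed above.
# A match is not proof of exposure: distribution kernels may carry the fix.
in_affected_series() {
    case "$1" in
        5.4|5.4.*|5.4-*|5.5|5.5.*|5.5-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the last kernel.unprivileged_bpf_disabled value set in *.conf files
# under the given directories, or nothing. Simplification: directories are
# read in argument order, not with sysctl's full precedence rules.
persisted_value() {
    for d in "$@"; do
        for f in "$d"/*.conf; do
            [ -f "$f" ] || continue
            sed -n 's/^[[:space:]]*kernel\.unprivileged_bpf_disabled[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$f"
        done
    done | tail -n 1
}

# assess RELEASE RUNTIME PERSISTED -> one verdict word.
# Runtime 1 disables unprivileged bpf(); newer kernels also accept 2.
assess() {
    if ! in_affected_series "$1"; then echo "not-listed"; return 0; fi
    case "$2" in
        1|2) ;;
        *) echo "exposed"; return 0 ;;
    esac
    case "$3" in
        1|2) echo "mitigated" ;;
        *) echo "mitigated-until-reboot" ;;   # runtime only, e.g. sysctl -w
    esac
}

release=$(uname -r)
runtime=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || echo unknown)
persisted=$(persisted_value /usr/lib/sysctl.d /run/sysctl.d /etc/sysctl.d)
echo "kernel=$release runtime=$runtime persisted=${persisted:-unset}"
echo "verdict=$(assess "$release" "$runtime" "$persisted")"
```

A verdict of mitigated-until-reboot means the running value is set but no sysctl.d file persists it, which is the state left by the sysctl -w command alone.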