CVE-2020-8835 | Linux Kernel Information Disclosure/Privilege Escalation Vulnerability Advisory

Published: 2020-04-01

0x00 Vulnerability Overview


CVE ID: CVE-2020-8835

Date: 2020-03-30

Type: Unauthorized access

Severity: High

Remotely exploitable: No

Affected versions: Linux Kernel 5.4, 5.5


0x01 Vulnerability Details


The Linux kernel is the kernel used by Linux, the open-source operating system released by the US-based Linux Foundation. This vulnerability was first used at the Pwn2Own competition to demonstrate a Linux kernel privilege escalation.


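An unauthorized access vulnerability was found in the implementation of the Linux kernel's eBPF code verifier: register bounds are calculated incorrectly for 32-bit instructions in an eBPF program. The flaw allows an unprivileged user or process to run an eBPF program that crashes the kernel, resulting in denial of service or root privileges on the system.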


0x02 Remediation Recommendations


As a temporary workaround, unprivileged users can be restricted by changing a kernel parameter:


Ubuntu:

$ sudo sysctl kernel.unprivileged_bpf_disabled=1

$ echo kernel.unprivileged_bpf_disabled=1 | \
    sudo tee /etc/sysctl.d/90-CVE-2020-8835.conf


Red Hat:

# sysctl -w kernel.unprivileged_bpf_disabled=1


Fedora:

# sysctl -w kernel.unprivileged_bpf_disabled=1
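
An added example, not part of the original advisory: a read-only POSIX shell audit that reports whether the workaround above is active and whether it will survive a reboot (the `sysctl -w` form changes only the running kernel, while the Ubuntu commands also write a file under /etc/sysctl.d). The function names and verdict strings are assumptions made for this example, and the version match covers only the 5.4 and 5.5 series listed above, so check the vendor trackers for distribution kernels.

```shell
#!/bin/sh
# Added example (not from the advisory): audit the CVE-2020-8835 workaround.

# 0 if RELEASE (as printed by `uname -r`) is in the 5.4 or 5.5 series,
# the versions the advisory lists as affected.
kernel_in_scope() {
    case "$1" in
        5.4|5.4[.-]*|5.5|5.5[.-]*) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if any of the given sysctl config files sets the key to 1 on an
# uncommented line, i.e. the setting will be reapplied at boot.
workaround_persisted() {
    [ "$#" -gt 0 ] || return 1
    grep -Eqs '^[[:space:]]*kernel\.unprivileged_bpf_disabled[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$@"
}

# Print one verdict for: RELEASE, runtime sysctl value, persisted (yes|no).
# Verdicts (names chosen for this example):
#   not-listed, workaround-missing, runtime-only, mitigated
assess() {
    if ! kernel_in_scope "$1"; then echo not-listed
    elif [ "$2" != 1 ]; then echo workaround-missing
    elif [ "$3" != yes ]; then echo runtime-only
    else echo mitigated
    fi
}

# Collect the three inputs from the running host without changing anything.
audit_host() {
    runtime=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || echo unknown)
    if workaround_persisted /etc/sysctl.conf /etc/sysctl.d/*.conf; then
        saved=yes
    else
        saved=no
    fi
    assess "$(uname -r)" "$runtime" "$saved"
}

audit_host
```

A `runtime-only` verdict means the setting is lost at the next reboot unless it is also written to a file under /etc/sysctl.d.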



Fix guidance for the affected distributions


Debian:

https://security-tracker.debian.org/tracker/CVE-2020-8835


Red Hat Enterprise Linux/CentOS:

https://access.redhat.com/security/cve/CVE-2020-8835


Ubuntu:

https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8835.html


0x03 Related News


https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results


0x04 References


https://access.redhat.com/security/cve/cve-2020-8835

https://security-tracker.debian.org/tracker/CVE-2020-8835

https://security.sios.com/vulnerability/kernel-security-vulnerability-20200331.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8835


0x05 Timeline


2020-03-19 ZDI demonstrates an attack exploiting this vulnerability

2020-03-30 CVE entry recorded for this vulnerability