CVE-2020-8835| Linux Kernel ÐÅϢй¶/ȨÏÞÌáÉýÎó²îͨ¸æ
Ðû²¼Ê±¼ä 2020-04-010x00 Îó²î¸ÅÊö
CVE ID |
CVE-2020-8835 |
ʱ ¼ä |
2020-03-30 |
Àà ÐÍ |
ԽȨ»á¼û |
µÈ ¼¶ |
¸ßΣ |
Ô¶³ÌʹÓà |
·ñ |
Ó°Ïì¹æÄ£ |
Linux Kernel 5.4£¬£¬£¬5.5 |
0x01 Îó²îÏêÇé
Linux kernelÊÇÃÀ¹úLinux»ù½ð»áÐû²¼µÄ¿ªÔ´²Ù×÷ϵͳLinuxËùʹÓõÄÄںˡ£¡£¡£¡£¡£¡£¸ÃÎó²î×îÔçÓÚPwn2Own ½ÇÖðÉÏÓÃÓÚÑÝʾ Linux ÄÚºËȨÏÞÌáÉýÎó²î¡£¡£¡£¡£¡£¡£
ÔÚLinuxÄں˵ÄeBPF´úÂëÑéÖ¤³ÌÐòµÄʵÏÖÖз¢Ã÷ÁËÒ»¸öԽȨ»á¼ûÎó²î£¬£¬£¬ÆäÖÐeBPF³ÌÐòÖеÄ32λָÁîʱ±¬·¢Á˹ýʧµÄ¼Ä´æÆ÷½çÏßÅÌËã¡£¡£¡£¡£¡£¡£¸ÃȱÏÝÔÊÐíûÓÐÌØÈ¨µÄÓû§»òÀú³ÌÖ´ÐÐeBPF³ÌÐòʹÄÚºËÍ߽⣬£¬£¬´Ó¶øµ¼Ö¾ܾøÐ§ÀÍ»ò»ñµÃϵͳrootȨÏÞ¡£¡£¡£¡£¡£¡£
0x02 ´¦Öóͷ£½¨Òé
ÔÝʱ¼Æ»®¿Éͨ¹ýÐÞ¸ÄÄں˲ÎÊýÀ´¶ÔͨË×Óû§¾ÙÐÐÏÞÖÆ£º
Ubuntu£º
$ sudo sysctl kernel.unprivileged_bpf_disabled=1
$ echo kernel.unprivileged_bpf_disabled=1 | \
sudo tee /etc/sysctl.d/90-CVE-2020-8835.conf
Redhat£º
# sysctl -w kernel.unprivileged_bpf_disabled=1
Fedora£º
# sysctl -w kernel.unprivileged_bpf_disabled=1
Ïà¹Ø¿¯ÐаæµÄÐÞ¸´½¨Òé
Debian£º
https://security-tracker.debian.org/tracker/CVE-2020-8835
Red Hat Enterprise Linux/CentOS£º
https://access.redhat.com/security/cve/CVE-2020-8835
Ubuntu£º
https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8835.html
0x03 Ïà¹ØÐÂÎÅ
https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results
0x04 ²Î¿¼Á´½Ó
https://access.redhat.com/security/cve/cve-2020-8835
https://security-tracker.debian.org/tracker/CVE-2020-8835
https://security.sios.com/vulnerability/kernel-security-vulnerability-20200331.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8835
0x05 ʱ¼äÏß
2020-03-19 ZDI չʾ¸ÃÎó²î¹¥»÷Ч¹û
2020-03-30 CVE ÊÕ¼¸ÃÎó²î