{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2020-36791","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-26T17:07:27.435Z","datePublished":"2025-05-07T13:17:33.882Z","dateUpdated":"2026-05-11T13:42:58.296Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T13:42:58.296Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: keep alloc_hash updated after hash allocation\n\nIn commit 599be01ee567 (\"net_sched: fix an OOB access in cls_tcindex\")\nI moved cp->hash calculation before the first\ntcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched.\nThis difference could lead to another out of bound access.\n\ncp->alloc_hash should always be the size allocated, we should\nupdate it after this tcindex_alloc_perfect_hash()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/sched/cls_tcindex.c"],"versions":[{"version":"73c29d2f6f8ae731b1e09051b69ed3ba2319482b","lessThan":"d6cdc5bb19b595486fb2e6661e5138d73a57f454","status":"affected","versionType":"git"},{"version":"b974ac51f5834a729de252fc5c1c9de9efd79b45","lessThan":"c4453d2833671e3a9f6bd52f0f581056c3736386","status":"affected","versionType":"git"},{"version":"6cb448ee493c8a514c9afa0c346f3f5b3227de85","lessThan":"9f8b6c44be178c2498a00b270872a6e30e7c8266","status":"affected","versionType":"git"},{"version":"478c4b2ffd44e5186c7e22ae7c38a86a5b9cfde5","lessThan":"557d015ffb27b672e24e6ad141fd887783871dc2","status":"affected","versionType":"git"},{"version":"dd8142a6fa5270783d415292ec8169f4ea2a5468","lessThan":"d23faf32e577922b6da20bf3740625c1105381bf","status":"affected","versionType":"git"},{"version":"2c66ff8d08f81bcf8e8cb22e31e39c051b15336a","lessThan":"bd3ee8fb6371b45c71c9345cc359b94da2ddefa9","status":"affected","versionType":"git"},{"version":"599be01ee567b61f4471ee8078870847d0a11e8e","lessThan":"0d1c3530e1bd38382edef72591b78e877e0edcd3","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/sched/cls_tcindex.c"],"versions":[{"version":"4.4.214","lessThan":"4.4.218","status":"affected","versionType":"semver"},{"version":"4.9.214","lessThan":"4.9.218","status":"affected","versionType":"semver"},{"version":"4.14.171","lessThan":"4.14.175","status":"affected","versionType":"semver"},{"version":"4.19.103","lessThan":"4.19.114","status":"affected","versionType":"semver"},{"version":"5.4.19","lessThan":"5.4.29","status":"affected","versionType":"semver"},{"version":"5.5.3","lessThan":"5.5.14","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.214","versionEndExcluding":"4.4.218"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.214","versionEndExcluding":"4.9.218"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.171","versionEndExcluding":"4.14.175"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.103","versionEndExcluding":"4.19.114"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.19","versionEndExcluding":"5.4.29"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.3","versionEndExcluding":"5.5.14"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d6cdc5bb19b595486fb2e6661e5138d73a57f454"},{"url":"https://git.kernel.org/stable/c/c4453d2833671e3a9f6bd52f0f581056c3736386"},{"url":"https://git.kernel.org/stable/c/9f8b6c44be178c2498a00b270872a6e30e7c8266"},{"url":"https://git.kernel.org/stable/c/557d015ffb27b672e24e6ad141fd887783871dc2"},{"url":"https://git.kernel.org/stable/c/d23faf32e577922b6da20bf3740625c1105381bf"},{"url":"https://git.kernel.org/stable/c/bd3ee8fb6371b45c71c9345cc359b94da2ddefa9"},{"url":"https://git.kernel.org/stable/c/0d1c3530e1bd38382edef72591b78e877e0edcd3"},{"url":"https://syzkaller.appspot.com/bug?id=ea260693da894e7b078d18fca2c9c0a19b457534"},{"url":"https://blog.cdthoughts.ch/2021/03/16/syzbot-bug.html"}],"title":"net_sched: keep alloc_hash updated after hash allocation","x_generator":{"engine":"bippy-1.2.0"}}}}