{"id":"CVE-2020-36791","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: keep alloc_hash updated after hash allocation\n\nIn commit 599be01ee567 (\"net_sched: fix an OOB access in cls_tcindex\")\nI moved cp-\u003ehash calculation before the first\ntcindex_alloc_perfect_hash(), but cp-\u003ealloc_hash is left untouched.\nThis difference could lead to another out of bound access.\n\ncp-\u003ealloc_hash should always be the size allocated, we should\nupdate it after this tcindex_alloc_perfect_hash().","modified":"2026-03-23T05:04:58.114399Z","published":"2025-05-07T14:15:28.513Z","related":["SUSE-SU-2025:01982-1","SUSE-SU-2025:01983-1","SUSE-SU-2025:01995-1"],"references":[{"type":"ADVISORY","url":"https://blog.cdthoughts.ch/2021/03/16/syzbot-bug.html"},{"type":"REPORT","url":"https://syzkaller.appspot.com/bug?id=ea260693da894e7b078d18fca2c9c0a19b457534"},{"type":"FIX","url":"https://git.kernel.org/stable/c/0d1c3530e1bd38382edef72591b78e877e0edcd3"},{"type":"FIX","url":"https://git.kernel.org/stable/c/557d015ffb27b672e24e6ad141fd887783871dc2"},{"type":"FIX","url":"https://git.kernel.org/stable/c/c4453d2833671e3a9f6bd52f0f581056c3736386"},{"type":"FIX","url":"https://git.kernel.org/stable/c/d23faf32e577922b6da20bf3740625c1105381bf"},{"type":"FIX","url":"https://git.kernel.org/stable/c/d6cdc5bb19b595486fb2e6661e5138d73a57f454"},{"type":"FIX","url":"https://git.kernel.org/stable/c/9f8b6c44be178c2498a00b270872a6e30e7c8266"},{"type":"FIX","url":"https://git.kernel.org/stable/c/bd3ee8fb6371b45c71c9345cc359b94da2ddefa9"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"4.4.214"},{"fixed":"4.4.218"}]},{"events":[{"introduced":"4.9.214"},{"fixed":"4.9.218"}]},{"events":[{"introduced":"4.14.171"},{"fixed":"4.14.175"}]},{"events":[{"introduced":"4.19.103"},{"fixed":"4.19.114"}]},{"events":[{"introduced":"5.4.19"},{"fixed":"5.4.29"}]},{"events":[{"introduced":"5.5.3"},{"fixed":"5.5.14"}]},{"events":[{"introduced":"0"},{"last_affected":"5.6-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.6-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"5.6-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"5.6-rc4"}]},{"events":[{"introduced":"0"},{"last_affected":"5.6-rc5"}]},{"events":[{"introduced":"0"},{"last_affected":"5.6-rc6"}]},{"events":[{"introduced":"0"},{"last_affected":"5.6-rc7"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36791.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}