PT-2020-4832 · Linux+2 · Linux Kernel+2

Published: 2020-10-08 · Updated: 2025-09-29 · CVE-2020-27194

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.8.15
Description: The scalar32_min_max_or function in kernel/bpf/verifier.c in the Linux kernel mishandles bounds tracking during the use of 64-bit values. This can lead to a buffer overflow in memory, potentially allowing an attacker to cause a denial of service. There have been reports of local privilege escalation (LPE) exploits, indicating that this issue has been exploited in real-world attacks.
Recommendations: For Linux kernel versions prior to 5.8.15, update to version 5.8.15 or later to resolve the issue. As a temporary workaround, consider restricting the use of the scalar32_min_max_or function in kernel/bpf/verifier.c until a patch is available.

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2020-3058
ALT-PU-2020-3069
ALT-PU-2020-3210
ALT-PU-2020-3553
ALT-PU-2021-1083
ALT-PU-2021-1105
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
BDU:2020-05386
CVE-2020-27194
MGASA-2021-0030
MGASA-2021-0031
USN-4626-1

Affected Products

Alt Linux
Linux Kernel
Ubuntu