CVE-2020-35519 is an out-of-bounds (OOB) memory access vulnerability discovered in the Linux kernel version v5.12-rc5, specifically in the x25_bind function within net/x25/af_x25.c. The vulnerability was discovered by Kiyin (尹亮) and involves a bounds check failure in the X.25 implementation when handling addresses from user space (Ubuntu Security).
The vulnerability stems from a missing bounds check: the .x25_addr[] array is supplied by user space and is not necessarily NUL terminated. This leads to two problems. First, the strlen() in x25_bind() can read beyond the end of the buffer. Second, it can result in memory corruption through the call tree x25_connect() -> x25_write_internal() -> x25_addr_aton(), because the length computed from the unterminated buffer is then used for a copy. The X.25 protocol only allows 15 character addresses, so an address from user space that fills the array without a terminator makes a buffer overflow possible ([Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1908251)). The vulnerability has been assigned a CVSS score of 7.8 (High) (NetApp Security).
The vulnerability can allow a local attacker with a user account on the system to gain access to out-of-bounds memory, potentially leading to system crashes, leakage of internal kernel information, or possible arbitrary code execution. The highest threats from this vulnerability affect system confidentiality, integrity, and availability (CVE Mitre).
Multiple Linux distributions have released patches to address this vulnerability. Ubuntu has fixed this in versions 5.8.0-44.50 for 20.10, 5.4.0-66.74 for 20.04 LTS, 4.15.0-136.140 for 18.04 LTS, and 4.4.0-203.235 for 16.04 LTS. The recommended mitigation is to update to the patched kernel versions (Ubuntu Security).
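The following is an added example, not kernel code and not part of the original report. It models the defect described above in user-space C: a 16-byte address array that user space may fill completely, so an unbounded strlen() would read past its end and yield a length larger than the array. The hardened check bounds the scan with strnlen() to the array size and rejects an address that has no terminator inside the buffer with -EINVAL, and the copy routine only ever uses that validated length. The struct, constant and function names are assumptions chosen for this example; the sample inputs are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* X.25 addresses are at most 15 digits; a 16-byte array leaves room for
 * the NUL after a full-length address. (Constant name assumed here.) */
#define X25_ADDR_LEN 16

/* Stand-in for the address field that arrives from user space. */
struct x25_address_example {
    char x25_addr[X25_ADDR_LEN];
};

/* The defect: strlen(a->x25_addr) trusts the caller to have NUL-terminated
 * the array. If user space fills all 16 bytes, the scan continues past the
 * end of the structure (out-of-bounds read) and the returned length exceeds
 * the array, so a later copy based on it overflows its destination.
 *
 * Hardened check: bound the scan to the array size. A result equal to
 * X25_ADDR_LEN means no terminator was found inside the buffer, and the
 * address is rejected. On success the usable length (0..15) is returned. */
static int validate_x25_addr(const struct x25_address_example *a)
{
    size_t len = strnlen(a->x25_addr, X25_ADDR_LEN);
    if (len == X25_ADDR_LEN)
        return -EINVAL;   /* unterminated: would have been an OOB read */
    return (int)len;
}

/* Copy only after validation, and only a length that fits the destination;
 * never reuse a length computed from untrusted, unbounded memory. */
static int copy_x25_addr(const struct x25_address_example *src,
                         char *dst, size_t dst_size)
{
    int len = validate_x25_addr(src);
    if (len < 0)
        return len;
    if ((size_t)len + 1 > dst_size)
        return -EINVAL;
    memcpy(dst, src->x25_addr, (size_t)len);
    dst[len] = '\0';
    return len;
}

/* Constructed input: every byte set, i.e. no NUL terminator anywhere,
 * which is exactly what user space is free to hand to bind(). */
static int check_unterminated(void)
{
    struct x25_address_example a;
    char out[X25_ADDR_LEN];
    memset(a.x25_addr, '7', sizeof(a.x25_addr));
    return copy_x25_addr(&a, out, sizeof out);
}

/* Constructed input: a properly terminated address of up to 15 digits. */
static int check_terminated(const char *digits)
{
    struct x25_address_example a;
    char out[X25_ADDR_LEN];
    memset(a.x25_addr, 0, sizeof(a.x25_addr));
    strncpy(a.x25_addr, digits, X25_ADDR_LEN - 1); /* bounded copy */
    return copy_x25_addr(&a, out, sizeof out);
}

int main(void)
{
    printf("15-digit address: %d\n", check_terminated("123456789012345"));
    printf("empty address:    %d\n", check_terminated(""));
    printf("unterminated:     %d (expect %d)\n", check_unterminated(), -EINVAL);
    return 0;
}
```

The point of the example is the order of operations: the length is established by a bounded scan of exactly the bytes that exist, the caller is told the input is malformed rather than having it silently truncated, and every later copy is driven by that validated length. The same discipline applies to any fixed-size string field copied in from a sockaddr or ioctl argument.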
Source: This report was generated using AI