CVE-2020-36791: 
Linux Kernel vulnerability analysis and mitigation

CVE-2020-36791 is a vulnerability in the Linux kernel's netsched subsystem that was discovered and resolved in 2020. The issue involves an out-of-bounds access in the clstcindex component, specifically in the tcindexsetparms function. The vulnerability occurs when cp->alloc_hash is not properly updated after hash allocation, leading to potential out-of-bounds memory access (CD Thoughts, NVD).

The vulnerability stems from a missing update to cp->allochash after hash allocation in the tcindexsetparms function. In commit 599be01ee567, the cp->hash calculation was moved before the first tcindexallocperfecthash(), but cp->allochash was left untouched. This difference could lead to an out-of-bounds access, as cp->allochash should always reflect the actual allocated size. The bug manifests as a 16-byte heap out-of-bounds write and can be triggered through netlink socket operations (CD Thoughts, Syzbot).

The vulnerability allows an unprivileged local attacker to cause an out-of-bounds write in kernel memory, potentially leading to privilege escalation and arbitrary code execution in the context of the kernel. The issue is particularly severe as it can be exploited by unprivileged users on systems that allow unprivileged namespaces, which includes several major Linux distributions (CD Thoughts, Wiz).

The vulnerability was fixed by updating cp->allochash after hash allocation in the tcindexallocperfecthash() function. The fix was committed to the Linux kernel and backported to affected stable versions. Users should update their kernel to a patched version to mitigate this vulnerability (NVD, Wiz).