PT-2020-3946 · Linux+6 · Linux Kernel+6

David Alan Gilbert · Published 2020-08-25 · Updated 2022-12-06 · CVE-2020-14385

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.9-rc4
Description: A flaw in the Linux kernel's XFS file system can cause a denial of service. The issue arises from a failure of the file system metadata validator, which can incorrectly flag an inode with a valid extended attribute as corrupt. This can lead to the filesystem being shut down or rendered inaccessible until it is remounted. The highest threat from this issue is to system availability. The vulnerability is related to an incorrect limitation of the buffer for downloaded data in the XFS file system implementation.
Recommendations: For Linux kernel versions prior to 5.9-rc4, update to version 5.9-rc4 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

Fix

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3074
ALT-PU-2020-3211
ALT-PU-2020-3553
ALT-PU-2020-3570
ALT-PU-2021-1083
ALT-PU-2021-1105
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
BDU:2020-04339
CESA-2020_4286
CESA-2020_4289
CESA-2020_4331
CESA-2020_5437
CVE-2020-14385
DLA-2385-1
MGASA-2020-0392
OPENSUSE-SU-2020:1586-1
OPENSUSE-SU-2020_1586-1
OPENSUSE-SU-2021:0242-1
OPENSUSE-SU-2021_0242-1
RHSA-2020:4286
RHSA-2020:4287
RHSA-2020:4289
RHSA-2020:4331
RHSA-2020:4332
RHSA-2020:5050
RHSA-2020:5199
RHSA-2020:5437
RHSA-2020:5441
RHSA-2020_4286
RHSA-2020_4289
RHSA-2020_5437
RHSA-2020_5441
SUSE-SU-2020:2879-1
SUSE-SU-2020:2908-1
USN-4576-1

Affected Products

ALT Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
SUSE
Ubuntu