CVE-2020-14385
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/09/2020
Last modified:
07/11/2023
Description
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
4.70
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.9.0 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:5.9.0:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.9.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.9.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.9.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14385
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4020438fab05364018c91f7e02ebdd192085933
- https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
- https://usn.ubuntu.com/4576-1/