CVE-2020-27815
Vulnerability Summary
Timeline
Description
A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS Metrics
- v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- v2.0•MEDIUM•Score: 6.1AV:L/AC:L/Au:N/C:P/I:P/A:C
EPSS Trends
Current EPSS score: 0.20%• Percentile: 42%
Techniques & Countermeasures
- CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
- CWE-119•Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Affected Systems
- debian•debian_linux
9.0 | 10.0
- linux•linux_kernel
> 4.4.249 | ≥ 4.5, < 4.9.249 | ≥ 4.10, < 4.14.213 | ≥ 4.15, < 4.19.164 | ≥ 4.20, < 5.4.86 | ≥ 5.5, < 5.10.4
- netapp•aff_a250_firmware
na
- netapp•fas500f_firmware
na
- netapp•h300e
na
- netapp•h300s_firmware
na
- netapp•h410c_firmware
na
- netapp•h410s_firmware
na
- netapp•h500e
na
- netapp•h500s_firmware
na
- netapp•h700e
na
- netapp•h700s_firmware
na
References (10)
- http://www.openwall.com/lists/oss-security/2020/11/30/5
- http://www.openwall.com/lists/oss-security/2020/12/28/1
- https://www.debian.org/security/2021/dsa-4843
- https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1897668%2C
- https://www.openwall.com/lists/oss-security/2020/11/30/5%2C
- https://www.openwall.com/lists/oss-security/2020/12/28/1%2C
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61b3e4839007668360ed8b87d7da96d2e59fc6c
- https://security.netapp.com/advisory/ntap-20210702-0004/