USN-4367-1

Advisory lineage Upstream: 8 Downstream: 0
Published: 24 May 2020, 02:16
Last modified:03 Jun 2026, 13:33

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

24 May 2020, 02:16
Published
Vulnerability first disclosed
03 Jun 2026, 13:33
Last Modified
Vulnerability information updated

Description

linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux-riscv vulnerabilities It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service (system crash). (CVE-2019-19377) It was discovered that the linux kernel did not properly validate certain mount options to the tmpfs virtual memory file system. A local attacker with the ability to specify mount options could use this to cause a denial of service (system crash). (CVE-2020-11565) It was discovered that the block layer in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-12657)

Affected Systems

  • ubuntulinux

    < 5.4.0-31.35

  • ubuntulinux-aws

    < 5.4.0-1011.11

  • ubuntulinux-azure

    < 5.4.0-1012.12

  • ubuntulinux-gcp

    < 5.4.0-1011.11

  • ubuntulinux-kvm

    < 5.4.0-1011.11

  • ubuntulinux-oracle

    < 5.4.0-1011.11

  • ubuntulinux-raspi

    < 5.4.0-1011.11

  • ubuntulinux-riscv

    < 5.4.0-26.30

References (5)