A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device resulting in a denial of service. The highest threat from this vulnerability is to system availability.

🗓️ 09 Oct 2020 07:00:00Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 3 Views

Zero-length biovec request in Linux kernel before 5.9-rc7 loops, causing local denial of service.

Reporter	Title	Published	Views	Family All 307
Tenable Nessus	Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-016)	2 May 202200:00	–	nessus
Tenable Nessus	Amazon Linux AMI : kernel (ALAS-2020-1437)	28 Oct 202000:00	–	nessus
Tenable Nessus	AlmaLinux 8 : kernel (ALSA-2020:4431)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : kernel (CESA-2020:4431)	1 Feb 202100:00	–	nessus
Tenable Nessus	CentOS 7 : kernel-alt (RHSA-2020:5079)	9 Oct 202400:00	–	nessus
Tenable Nessus	Debian DLA-2385-1 : linux-4.19 security update	29 Sep 202000:00	–	nessus
Tenable Nessus	Debian DLA-2420-2 : linux regression update	2 Nov 202000:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2311)	2 Nov 202000:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2411)	3 Nov 202000:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2429)	3 Nov 202000:00	–	nessus

Vulners

Node

microsoft cm1_kernel_5.4.91-3Range<5.4.91-3

09 Oct 2020 07:00Current

7High risk

Vulners AI Score7

CVSS 24.9

CVSS 3.15.5

EPSS0.0038

linux kernel biovecs zero length biovec five nine rc7 denial of service local attacker block device