Lucene search

K
nvd[email protected]NVD:CVE-2020-14385
HistorySep 15, 2020 - 10:15 p.m.

CVE-2020-14385

2020-09-1522:15:13
CWE-131
web.nvd.nist.gov
10

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

14.2%

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.

Affected configurations

Nvd
Node
linuxlinux_kernelRange<5.9.0
OR
linuxlinux_kernelMatch5.9.0-
OR
linuxlinux_kernelMatch5.9.0rc1
OR
linuxlinux_kernelMatch5.9.0rc2
OR
linuxlinux_kernelMatch5.9.0rc3
Node
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch20.04lts
OR
debiandebian_linuxMatch9.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel5.9.0cpe:2.3:o:linux:linux_kernel:5.9.0:-:*:*:*:*:*:*
linuxlinux_kernel5.9.0cpe:2.3:o:linux:linux_kernel:5.9.0:rc1:*:*:*:*:*:*
linuxlinux_kernel5.9.0cpe:2.3:o:linux:linux_kernel:5.9.0:rc2:*:*:*:*:*:*
linuxlinux_kernel5.9.0cpe:2.3:o:linux:linux_kernel:5.9.0:rc3:*:*:*:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonicalubuntu_linux20.04cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

14.2%