QwikSec

Security Database

CVE

CWE

Training

CVE-2020-14314

Published: Sep 15, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

5.5

MEDIUM

Description

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.

Vendor	Product	Versions
Linux Kernel	kernel	affected `before 5.9-rc2`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1

https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7%40redhat.com/T/#u

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314

[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update

mailing-list

vendor-advisory

vendor-advisory

vendor-advisory

[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update

mailing-list

[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update

mailing-list

https://www.starwindsoftware.com/security/sw-20210325-0003/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.