Vulnerability CVE-2020-27815


Published: 2021-05-26

Description:
A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.1/10
8.5/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Complete
Affected software
Linux -> Linux kernel 
Debian -> Debian linux 

 References:
https://www.openwall.com/lists/oss-security/2020/11/30/5
,
https://www.openwall.com/lists/oss-security/2020/12/28/1
,
http://www.openwall.com/lists/oss-security/2020/11/30/5
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61b3e4839007668360ed8b87d7da96d2e59fc6c
https://www.debian.org/security/2021/dsa-4843
https://bugzilla.redhat.com/show_bug.cgi?id=1897668
,
http://www.openwall.com/lists/oss-security/2020/12/28/1
https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

Copyright 2021, cxsecurity.com

 

Back to Top