CVE-2020-14385MEDIUM
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.
References
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14385
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
Details
Source: MITRE
Published: 2020-09-15
Updated: 2020-10-15
Type: CWE-131
Risk Information
CVSS v2
Base Score: 4.7
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Impact Score: 6.9
Exploitability Score: 3.4
Severity: MEDIUM
CVSS v3
Base Score: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.9.0:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.9.0:rc1:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147690 | EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1642) | Nessus | Huawei Local Security Checks | high |
| 147512 | EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1604) | Nessus | Huawei Local Security Checks | high |
| 147345 | NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2021-0051) | Nessus | NewStart CGSL Local Security Checks | high |
| 146282 | openSUSE Security Update : RT kernel (openSUSE-2021-242) | Nessus | SuSE Local Security Checks | high |
| 145986 | CentOS 8 : kernel (CESA-2020:4286) | Nessus | CentOS Local Security Checks | high |
| 144731 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1039) | Nessus | Huawei Local Security Checks | high |
| 144549 | CentOS 7 : kernel (CESA-2020:5437) | Nessus | CentOS Local Security Checks | high |
| 144404 | RHEL 7 : kernel (RHSA-2020:5437) | Nessus | Red Hat Local Security Checks | high |
| 144402 | RHEL 7 : kernel-rt (RHSA-2020:5441) | Nessus | Red Hat Local Security Checks | high |
| 144333 | Oracle Linux 7 : kernel (ELSA-2020-5437) | Nessus | Oracle Linux Local Security Checks | high |
| 144295 | Scientific Linux Security Update : kernel on SL7.x x86_64 (2020:5437) | Nessus | Scientific Linux Local Security Checks | high |
| 143671 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2879-1) | Nessus | SuSE Local Security Checks | medium |
| 143236 | RHEL 8 : kernel (RHSA-2020:5199) | Nessus | Red Hat Local Security Checks | high |
| 141777 | Oracle Linux 8 : kernel (ELSA-2020-4286) | Nessus | Oracle Linux Local Security Checks | high |
| 141606 | RHEL 8 : kernel (RHSA-2020:4286) | Nessus | Red Hat Local Security Checks | high |
| 141603 | RHEL 8 : kernel-rt (RHSA-2020:4289) | Nessus | Red Hat Local Security Checks | high |
| 141580 | RHEL 8 : kernel (RHSA-2020:4287) | Nessus | Red Hat Local Security Checks | high |
| 141451 | Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4576-1) | Nessus | Ubuntu Local Security Checks | high |
| 141395 | Oracle Linux 8 : Unbreakable Enterprise kernel (ELSA-2020-5884) | Nessus | Oracle Linux Local Security Checks | high |
| 141332 | EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2166) | Nessus | Huawei Local Security Checks | high |
| 141329 | EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2176) | Nessus | Huawei Local Security Checks | high |
| 141161 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-1586) | Nessus | SuSE Local Security Checks | medium |
| 140999 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2151) | Nessus | Huawei Local Security Checks | high |
| 140959 | EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-2011) | Nessus | Huawei Local Security Checks | medium |
| 140933 | Debian DLA-2385-1 : linux-4.19 security update | Nessus | Debian Local Security Checks | high |
| 140305 | Fedora 32 : kernel / kernel-headers / kernel-tools (2020-708b23f2ce) | Nessus | Fedora Local Security Checks | medium |