exploitDog

CVE-2020-27815

Опубликовано: 26 мая 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.1

EPSS Низкий

Описание

A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Ссылки

http://www.openwall.com/lists/oss-security/2020/11/30/5
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/12/28/1
Exploit
Mailing List
Patch
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1897668%2C
Issue Tracking
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61b3e4839007668360ed8b87d7da96d2e59fc6c
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210702-0004/
Third Party Advisory
https://www.debian.org/security/2021/dsa-4843
Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/11/30/5%2C
Mailing List
https://www.openwall.com/lists/oss-security/2020/12/28/1%2C
Mailing List
http://www.openwall.com/lists/oss-security/2020/11/30/5
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/12/28/1
Exploit
Mailing List
Patch
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1897668%2C
Issue Tracking
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61b3e4839007668360ed8b87d7da96d2e59fc6c
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210702-0004/
Third Party Advisory
https://www.debian.org/security/2021/dsa-4843
Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/11/30/5%2C
Mailing List
https://www.openwall.com/lists/oss-security/2020/12/28/1%2C
Mailing List

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.4.249 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.5 (включая) до 4.9.249 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.10 (включая) до 4.14.213 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.15 (включая) до 4.19.164 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.20 (включая) до 5.4.86 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.5 (включая) до 5.10.4 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Конфигурация 9

Одновременно

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Конфигурация 10

Одновременно

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Конфигурация 11

Одновременно

cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:*

Конфигурация 12

Одновременно

cpe:2.3:o:netapp:fas500f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas500f:-:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00182

Низкий

7.8 High

CVSS3

6.1 Medium

CVSS2

Дефекты

CWE-119

CWE-787

Связанные уязвимости

CVE-2020-27815

CVSS3: 7.8

ubuntu

больше 4 лет назад

A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVE-2020-27815

CVSS3: 7.4

redhat

около 5 лет назад

A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVE-2020-27815

CVSS3: 7.8

msrc

больше 2 лет назад

Описание отсутствует

CVE-2020-27815

CVSS3: 7.8

debian

больше 4 лет назад

A flaw was found in the JFS filesystem code in the Linux Kernel which ...

openSUSE-SU-2021:0532-1

suse-cvrf

почти 5 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 40%

0.00182

Низкий

7.8 High

CVSS3

6.1 Medium

CVSS2

Дефекты

CWE-119

CWE-787