Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-0067

Опубликовано: 17 апр. 2020
Источник: redhat
CVSS3: 4.4
EPSS Низкий

Описание

In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147.

An out-of-bounds (OOB) memory access flaw was found in the F2FS filesystem module in f2fs_listxattr in fs/f2fs/xattr.c. A missing bounds check before a memcpy can leak the kernel's internal information, and lead to a denial of service. The highest threat from this vulnerability is to confidentiality.

Отчет

The affected code was not introduced into any kernel versions shipped with Red Hat Enterprise Linux making this vulnerable not applicable to these platforms.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1848847kernel: out of bounds read due to a missing bounds check in f2fs_xattr_generic_list of xattr.c leading to local information disclosure

EPSS

Процентиль: 18%
0.00056
Низкий

4.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-0067

CVSS3: 4.4
ubuntu
почти 6 лет назад

In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147.

nvd логотип

CVE-2020-0067

CVSS3: 4.4
nvd
почти 6 лет назад

In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147.

debian логотип

CVE-2020-0067

CVSS3: 4.4
debian
почти 6 лет назад

In f2fs_xattr_generic_list of xattr.c, there is a possible out of boun ...

github логотип

GHSA-8qxr-j2hq-fwvv

CVSS3: 4.4
github
больше 3 лет назад

In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147.

EPSS

Процентиль: 18%
0.00056
Низкий

4.4 Medium

CVSS3