CVE-2020-27815

Опубликовано: 30 нояб. 2020

Источник: redhat

CVSS3: 7.4

EPSS Низкий

Описание

A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

A flaw was found in the JFS filesystem code. This flaw allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Out of support scope
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected
Red Hat Enterprise MRG 2	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=1897668kernel: Array index out of bounds access when setting extended attributes on journaling filesystems.

EPSS

Процентиль: 40%

0.00182

Низкий

7.4 High

CVSS3

Связанные уязвимости

CVE-2020-27815

CVSS3: 7.8

ubuntu

больше 4 лет назад

CVE-2020-27815

CVSS3: 7.8

nvd

больше 4 лет назад

CVE-2020-27815

CVSS3: 7.8

msrc

больше 2 лет назад

Описание отсутствует

CVE-2020-27815

CVSS3: 7.8

debian

больше 4 лет назад

A flaw was found in the JFS filesystem code in the Linux Kernel which ...

openSUSE-SU-2021:0532-1

suse-cvrf

почти 5 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 40%

0.00182

Низкий

7.4 High

CVSS3