CVE-2020-12655
kernel: sync of excessive duration via an XFS v5 image with crafted metadata
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767.
Se detectó un problema en la función xfs_agf_verify en el archivo fs/xfs/libxfs/xfs_alloc.c en el kernel de Linux versiones hasta 5.6.10. Los atacantes pueden desencadenar una sincronización de duración excesiva por medio de una imagen XFS v5 con metadatos diseñados, también se conoce como CID-d0c7feaf8767.
A flaw was discovered in the XFS source in the Linux kernel. This flaw allows an attacker with the ability to mount an XFS filesystem, to trigger a denial of service while attempting to sync a file located on an XFS v5 image with crafted metadata.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-05-05 CVE Reserved
- 2020-05-05 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (16)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html | Mailing List | |
https://lore.kernel.org/linux-xfs/20200221153803.GP9506%40magnolia | X_refsource_misc | |
https://security.netapp.com/advisory/ntap-20200608-0001 | X_refsource_confirm |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 5.6.10 Search vendor "Linux" for product "Linux Kernel" and version " <= 5.6.10" | - |
Affected
|