Published: 15/09/2020 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 188

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

A memory out-of-bounds read flaw was found in the Linux kernel prior to 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 5.9.0
linux linux kernel
debian debian linux 9.0
canonical ubuntu linux 18.04
canonical ubuntu linux 14.04
canonical ubuntu linux 20.04
canonical ubuntu linux 16.04
starwindsoftware starwind virtual san v8

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...

In the Linux kernel 5021 and 5311, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cachec because the pointer to a left data structure can be the same as the pointer to a right data structure (CVE-2019-19448) ...

In the Linux kernel 5021 and 5311, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cachec because the pointer to a left data structure can be the same as the pointer to a right data structureA flaw was found ...

A flaw was found in the Linux kernel's implementation of BTRFS free space management, where the kernel does not correctly manage the lifetime of internal data structures used An attacker could use this flaw to corrupt memory or escalate privileges (CVE-2019-19448) A use-after-free flaw was found in the debugfs_remove function in the Linux kernel ...

CWE-125 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://usn.ubuntu.com/4576-1/https://usn.ubuntu.com/4578-1/https://usn.ubuntu.com/4579-1/https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://www.starwindsoftware.com/security/sw-20210325-0003/https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7%40redhat.com/T/#u https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2020:5441 https://alas.aws.amazon.com/ALAS-2020-1437.html

CVE-2020-14314

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect