CVE-2020-25641

Published: 06/10/2020 Updated: 21/11/2022
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 436
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

A flaw was found in the Linux kernel's implementation of biovecs in versions prior to 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Vulnerable Product

linux linux kernel 5.9.0

linux linux kernel

redhat enterprise linux 7.0

redhat enterprise linux 8.0

opensuse leap 15.1

opensuse leap 15.2

debian debian linux 9.0

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

Vendor Advisories

Synopsis: Moderate: kernel security and bug fix update | Type/Severity: Security Advisory: Moderate | Topic: An update for kernel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability ...
Synopsis: Moderate: OpenShift Container Platform 4.6.12 extras and security update | Type/Severity: Security Advisory: Moderate | Topic: Red Hat OpenShift Container Platform release 4.6.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has ra ...
Synopsis: Moderate: OpenShift Container Platform 4.6.12 bug fix and security update | Type/Severity: Security Advisory: Moderate | Topic: Red Hat OpenShift Container Platform release 4.6.12 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat ...
Synopsis: Moderate: kernel security and bug fix update | Type/Severity: Security Advisory: Moderate | Topic: An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability ...
Synopsis: Moderate: kernel-rt security and bug fix update | Type/Severity: Security Advisory: Moderate | Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerab ...
Synopsis: Moderate: kernel-alt security and bug fix update | Type/Severity: Security Advisory: Moderate | Topic: An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CV ...
Synopsis: Moderate: kernel-rt security and bug fix update | Type/Severity: Security Advisory: Moderate | Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS ...
Synopsis: Moderate: kernel security, bug fix, and enhancement update | Type/Severity: Security Advisory: Moderate | Topic: An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syst ...
A flaw was found in the Linux kernel's implementation of BTRFS free space management, where the kernel does not correctly manage the lifetime of internal data structures used. An attacker could use this flaw to corrupt memory or escalate privileges (CVE-2019-19448). A use-after-free flaw was found in the debugfs_remove function in the Linux kernel ...
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure (CVE-2019-19448) ...

Mailing Lists

Greg KH <greg () kroah com> writes: Git can do the sorting for you with --sort. And if you have other tags in your repo that can confuse things, so specifying that you want "v*" tags avoids that. eg: $ git tag -l "v*" --sort=v:refname --contains 1bdc76aea115 | head -n 10 v4.8 v4.8-rc1 v4.8-rc2 v4.8-rc3 v4.8-rc4 v4.8-rc5 v4.8-rc6 v4.8-rc7 ...
On Wed, Sep 30, 2020 at 10:35:56AM +1000, Wade Mealing wrote: That's odd, and not the best way to do this, the commit really showed up in 4.8-rc1: $ git describe --contains 1bdc76aea115 v4.8-rc1~162^2~21 You forgot to sort by "version", which is what you need to do if you want to try to look at tags, but then it's still a bit off ...
Gday, A flaw was found in the Linux kernel's implementation of biovec usage. A zero-length biovec request issued to the block subsystem could cause the kernel to enter an infinite loop causing a denial of service. An attacker with a local account can issue requests to a block device can cause a denial of service. This has been assigned CVE-2020-2 ...