CVE-2020-27815

A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Published: May 26, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-27815
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.1
AV:L/AC:L/Au:N/C:P/I:P/A:C

CWEs:

CWE-119
CWE-787

Affected Software
References

Software	From	Fixed in
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
linux / linux_kernel	4.15	4.19.164
linux / linux_kernel	4.20	5.4.86
linux / linux_kernel	5.5	5.10.4
linux / linux_kernel	4.10	4.14.213
linux / linux_kernel	4.5	4.9.249
linux / linux_kernel	4.4.249.x	4.4.249.x.x

http://www.openwall.com/lists/oss-security/2020/11/30/5
http://www.openwall.com/lists/oss-security/2020/12/28/1
https://bugzilla.redhat.com/show_bug.cgi?id=1897668%2C
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61b3e4839007668360ed8b87d7da96d2e59fc6c
https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
https://security.netapp.com/advisory/ntap-20210702-0004/
https://www.debian.org/security/2021/dsa-4843
https://www.openwall.com/lists/oss-security/2020/11/30/5%2C
https://www.openwall.com/lists/oss-security/2020/12/28/1%2C

Vulnerability Database

289,871

CVE-2020-27815