7.8
CVE-2020-27815
- EPSS 0.18%
- Published 26.05.2021 13:15:07
- Last modified 21.11.2024 05:21:51
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version > 4.4.249
Linux ≫ Linux Kernel Version >= 4.5 < 4.9.249
Linux ≫ Linux Kernel Version >= 4.10 < 4.14.213
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.164
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.86
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.4
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Netapp ≫ H300s Firmware Version-
Netapp ≫ H500s Firmware Version-
Netapp ≫ H700s Firmware Version-
Netapp ≫ H300e Firmware Version-
Netapp ≫ H500e Firmware Version-
Netapp ≫ H700e Firmware Version-
Netapp ≫ H410s Firmware Version-
Netapp ≫ H410c Firmware Version-
Netapp ≫ Aff A250 Firmware Version-
Netapp ≫ Fas500f Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.402 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.1 | 3.9 | 8.5 |
AV:L/AC:L/Au:N/C:P/I:P/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.