CVE-2020-14314

Published Sep 15, 2020

Last updated a year ago

CVSS medium 5.5

Overview

Description: A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

secalert@redhat.com: CWE-125
nvd@nist.gov: CWE-125

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "678E32BE-CC08-4699-835A-2F179D44D12D",
            "versionEndIncluding": "5.8.9"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.9.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21F51360-AF61-433B-9FD9-D7DE742FABF9"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12533:*:*:*:vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E5C2815-65C8-48D7-BF31-6104EDD0CBE5"
          },
          {
            "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12658:*:*:*:vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FF4A265-AFFD-4853-B3CE-A55E950E8B5B"
          },
          {
            "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12859:*:*:*:vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6484296-5BA8-408A-A087-A0D86BA50703"
          },
          {
            "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13170:*:*:*:vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D31D4A3-7D1E-472F-9BB6-AF889DA7C763"
          },
          {
            "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13586:*:*:*:vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F67B6B43-FF39-4B05-8704-EDFCED4117E6"
          },
          {
            "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13861:*:*:*:vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C79FA879-7855-467B-A98D-7D914940F9D3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References