CVE-2020-8992

ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.9 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html	Mailing List Third Party Advisory
https://patchwork.ozlabs.org/patch/1236118/	Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20200313-0003/	Third Party Advisory
https://usn.ubuntu.com/4318-1/	Third Party Advisory
https://usn.ubuntu.com/4324-1/	Third Party Advisory
https://usn.ubuntu.com/4342-1/	Third Party Advisory
https://usn.ubuntu.com/4344-1/	Third Party Advisory
https://usn.ubuntu.com/4419-1/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*

Configuration 3 (hide)

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:data_availability_services:-:::::::*
	cpe:2.3:a:netapp:hci_management_node:-:::::::*
	cpe:2.3:a:netapp:solidfire:-:::::::*
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

History

27 Apr 2022, 15:31

Type	Values Removed	Values Added
First Time		Netapp hci Management Node Netapp active Iq Unified Manager Netapp data Availability Services Netapp h410c Opensuse leap Netapp Netapp h410c Firmware Netapp steelstore Cloud Integrated Storage Canonical ubuntu Linux Canonical Netapp solidfire Opensuse Netapp cloud Backup
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20200313-0003/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20200313-0003/ - Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4344-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4344-1/ - Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4419-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4419-1/ - Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4318-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4318-1/ - Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4342-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4342-1/ - Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html - Mailing List, Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4324-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4324-1/ - Third Party Advisory
CWE		CWE-834
CPE		cpe:2.3:a:netapp:hci_management_node:-:::::::* cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm::: cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm::: cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere:: cpe:2.3:o:netapp:h410c_firmware:-:::::::* cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::* cpe:2.3:a:netapp:cloud_backup:-:::::::* cpe:2.3:a:netapp:data_availability_services:-:::::::* cpe:2.3:o:opensuse:leap:15.1:::::::* cpe:2.3:a:netapp:solidfire:-:::::::* cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts::: cpe:2.3:h:netapp:h410c:-:::::::* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*

Information

Published : 2020-02-14 05:15

Updated : 2023-12-10 13:13

NVD link : CVE-2020-8992

Mitre link : CVE-2020-8992

CVE.ORG link : CVE-2020-8992

JSON object : View

Products Affected

netapp

solidfire
h410c
active_iq_unified_manager
hci_management_node
cloud_backup
data_availability_services
h410c_firmware
steelstore_cloud_integrated_storage

opensuse

leap

linux

linux_kernel

canonical

ubuntu_linux

CWE

CWE-400

Uncontrolled Resource Consumption

CWE-834

Excessive Iteration

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2020-8992

5.5^/10

4.9^/10

Attach tags to `CVE-2020-8992`