Vulnerability Details : CVE-2020-12655
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767.
Products affected by CVE-2020-12655
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-12655
0.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 4 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-12655
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST | |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2020-12655
-
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-12655
-
https://github.com/torvalds/linux/commit/d0c7feaf87678371c2c09b3709400be416b2dc62
xfs: add agf freeblocks verify in xfs_agf_verify · torvalds/linux@d0c7fea · GitHubPatch;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
[SECURITY] [DLA 2420-2] linux regression update
-
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
[security-announce] openSUSE-SU-2020:0801-1: important: Security update
-
https://usn.ubuntu.com/4483-1/
USN-4483-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu
-
https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html
[SECURITY] [DLA 2323-1] linux-4.19 new package
-
https://security.netapp.com/advisory/ntap-20200608-0001/
May 2020 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security
-
https://lore.kernel.org/linux-xfs/20200221153803.GP9506@magnolia/
Re: [PATCH v3] xfs: add agf freeblocks verify in xfs_agf_verify - Darrick J. WongVendor Advisory
-
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0c7feaf87678371c2c09b3709400be416b2dc62
kernel/git/torvalds/linux.git - Linux kernel source treePatch;Vendor Advisory
-
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
[SECURITY] [DLA 2420-1] linux security update
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/
[SECURITY] Fedora 31 Update: kernel-5.6.13-200.fc31 - package-announce - Fedora Mailing-Lists
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ2X3TM6RGRUS3KZAS26IJO5XGU7TBBR/
[SECURITY] Fedora 32 Update: kernel-5.6.13-300.fc32 - package-announce - Fedora Mailing-Lists
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/
[SECURITY] Fedora 30 Update: kernel-5.6.13-100.fc30 - package-announce - Fedora Mailing-Lists
-
https://usn.ubuntu.com/4485-1/
USN-4485-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu
-
https://usn.ubuntu.com/4465-1/
USN-4465-1: linux kernel vulnerabilities | Ubuntu security notices | Ubuntu
Jump to