Description
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.
References (10)
Core References
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/4578-1/
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/4579-1/
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
Mailing List
https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7%40redhat.com/T/#u
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314
Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/4576-1/
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20210325-0003/
Scores
CVSS v3: 5.5
EPSS: 0.0002
EPSS Percentile: 6.0%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-125
Status: published
Products (8)
canonical/ubuntu_linux: 14.04
canonical/ubuntu_linux: 16.04
canonical/ubuntu_linux: 18.04
canonical/ubuntu_linux: 20.04
debian/debian_linux: 9.0
linux/linux_kernel: 5.9.0 rc1
linux/linux_kernel: < 5.8.9
starwindsoftware/starwind_virtual_san: v8 build12533 (6 CPE variants)
Published: Sep 15, 2020
Tracked Since: Feb 18, 2026