Description
A flaw was found in the JFS filesystem code in the Linux kernel that allows a local attacker with the ability to set extended attributes to panic the system, cause memory corruption, or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
Exploits (1)
References (10)
Core References
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/11/30/5
Exploit, Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/12/28/1
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2021/dsa-4843
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1897668
Mailing List x_refsource_misc
https://www.openwall.com/lists/oss-security/2020/11/30/5
Mailing List x_refsource_misc
https://www.openwall.com/lists/oss-security/2020/12/28/1
Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61b3e4839007668360ed8b87d7da96d2e59fc6c
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210702-0004/
Scores
CVSS v3
7.8
EPSS
0.0020
EPSS Percentile
41.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
CWE-787
Status
published
Products (13)
debian/debian_linux
9.0
debian/debian_linux
10.0
linux/linux_kernel
4.4.249
netapp/aff_a250_firmware
netapp/fas500f_firmware
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500e_firmware
... and 3 more
Published
May 26, 2021
Tracked Since
Feb 18, 2026