CVE-2020-6105

HIGH

F2fs-Tools F2fs.Fsck <1.13 - RCE

Title source: llm

Description

An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.

References (2)

[Exploit, Technical Description, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2020-1047

[Third Party Advisory] https://security.gentoo.org/glsa/202101-26

Scores

CVSS v3 7.8

EPSS 0.0061

EPSS Percentile 69.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-610 CWE-73

Status published

Products (1)

f2fs-tools_project/f2fs-tools < 1.14.0

Published Oct 15, 2020

Tracked Since Feb 18, 2026