CVE-2020-6108

HIGH

F2fs-Tools F2s.Fsck <1.13 - RCE

Title source: llm

Description

An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.

References (2)

[Third Party Advisory] https://security.gentoo.org/glsa/202101-26

[Exploit, Technical Description, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2020-1050

Scores

CVSS v3 7.8

EPSS 0.0116

EPSS Percentile 78.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-131 CWE-787

Status published

Affected Products (1)

f2fs-tools_project/f2fs-tools < 1.14.0

Timeline

Published Oct 15, 2020

Tracked Since Feb 18, 2026