SB2020021445 - Resource exhaustion in Linux kernel
Published: February 14, 2020
Security Bulletin ID
SB2020021445
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2020-8992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.
Remediation
Install update from vendor's website.
References
- https://patchwork.ozlabs.org/patch/1236118/
- https://security.netapp.com/advisory/ntap-20200313-0003/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
- https://usn.ubuntu.com/4318-1/
- https://usn.ubuntu.com/4324-1/
- https://usn.ubuntu.com/4344-1/
- https://usn.ubuntu.com/4342-1/
- https://usn.ubuntu.com/4419-1/