Denial of service in Linux kernel ext3/ext4 file system in F5 BIG-IP



Risk Low
Patch available NO
Number of vulnerabilities 1
CVE-ID CVE-2020-14314
CWE-ID CWE-125
Exploitation vector Local
Public exploit N/A
Vulnerable software
BIG-IP SSLO
Hardware solutions / Firmware

BIG-IP DDHD
Hardware solutions / Firmware

BIG-IP
Hardware solutions / Firmware

BIG-IP PEM
Hardware solutions / Security hardware applicances

BIG-IP GTM
Hardware solutions / Security hardware applicances

BIG-IP FPS
Hardware solutions / Security hardware applicances

BIG-IP APM
Hardware solutions / Security hardware applicances

BIG-IP Analytics
Hardware solutions / Security hardware applicances

BIG-IP AFM
Hardware solutions / Security hardware applicances

BIG-IP LTM
Hardware solutions / Security hardware applicances

BIG-IP ASM
Hardware solutions / Security hardware applicances

BIG-IP Link Controller
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP DNS
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP AAM
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP Advanced WAF
Client/Desktop applications / Antivirus software/Personal firewalls

BIG-IQ Centralized Management
Server applications / Remote management servers, RDP, SSH

Vendor F5 Networks

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Out-of-bounds read

EUVDB-ID: #VU47106

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-14314

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

BIG-IP SSLO: 11.6.1 - 16.0.1.1

BIG-IP PEM: 11.6.1 HF1 - 16.0.1.1

BIG-IP Link Controller: 11.6.1 HF1 - 16.0.1.1

BIG-IP GTM: 11.6.1 HF1 - 16.0.1.1

BIG-IP FPS: 11.6.1 - 16.0.1.1

BIG-IP DNS: 11.6.1 - 16.0.1.1

BIG-IP DDHD: 11.6.1 - 16.0.1.1

BIG-IP APM: 11.6.1 HF1 - 16.0.1.1

BIG-IP Analytics: 11.6.1 HF1 - 16.0.1.1

BIG-IP AFM: 11.6.1 HF1 - 16.0.1.1

BIG-IP Advanced WAF: 11.6.1 - 16.0.1.1

BIG-IP AAM: 11.6.1 HF1 - 16.0.1.1

BIG-IP LTM: 11.6.1 HF1 - 16.0.1.1

BIG-IP: 11.6.1 HF1 - 16.0.1.1

BIG-IP ASM: 11.6.1 HF1 - 16.0.1.1

BIG-IQ Centralized Management: 6.0.0 - 8.0.0

CPE2.3 External links

http://support.f5.com/csp/article/K67830124


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###