Main Vulnerability Database Vulnerabilities #VU47659

#VU47659 Information disclosure in F2fs.Fsck - CVE-2020-6107

Published: October 15, 2020

Vulnerability identifier: #VU47659

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-6107

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
F2fs.Fsck

Software vendor:
F2fs-Tools

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the "dev_read" functionality. A local administrator can use a specially crafted f2fs filesystem and gain unauthorized access to sensitive information on the system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1049

#VU47659 Information disclosure in F2fs.Fsck - CVE-2020-6107

Description

Remediation

External links

Please verify you're human