CVE-2020-11935

CWE-911CWE-400Uncontrolled Resource Consumption13 documents6 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 90.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Canonical Ubuntu LinuxDebian Debian Linux
Timeline
PublishedApr 7

Description

It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages28 packages

Ubuntulinux< 4.4.0-186.216+5
Ubuntulinux-aws< 4.4.0-1111.123+6
Ubuntulinux-gcp< 4.15.0-1080.90~16.04.1+2
Ubuntulinux-hwe< 4.15.0-112.113~16.04.1+1
Ubuntulinux-kvm< 4.4.0-1077.84+2

Also affects: Debian Linux 10.0, Ubuntu Linux 14.04, 16.04, 18.04, 20.04

🔴Vulnerability Details

4
CVEList
aufs: improperly managed inode reference counts in the vfsub_dentry_open() method2023-04-07
GHSA
GHSA-m5wq-r6hh-xqf5: It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method2023-04-07
OSV
Kernel Live Patch Security Notice2020-08-17
OSV
CVE-2020-11935: It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method2020-06-29

📋Vendor Advisories

8
Ubuntu
Kernel Live Patch Security Notice2020-10-14
Ubuntu
Kernel Live Patch Security Notice2020-08-17
Ubuntu
linux kernel vulnerabilities2020-07-31
Ubuntu
Linux kernel vulnerabilities2020-07-27
Ubuntu
Linux kernel vulnerabilities2020-07-27
CVE-2020-11935 (MEDIUM CVSS 5.5) | It was discovered that aufs imprope | cvebase.io