The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Linux kernel: denial of service via xfs_attr_shortform_verify

Synthesis of the vulnerability 

An attacker can trigger a fatal error via xfs_attr_shortform_verify() of the Linux kernel, in order to trigger a denial of service.
Vulnerable products: Fedora, Linux.
Severity of this weakness: 1/4.
Creation date: 08/09/2020.
Références of this bulletin: CVE-2020-14385, FEDORA-2020-00e872744f, FEDORA-2020-708b23f2ce, RHBUG-1874800, VIGILANCE-VUL-33264.

Description of the vulnerability 

An attacker can trigger a fatal error via xfs_attr_shortform_verify() of the Linux kernel, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This vulnerability alert impacts software or systems such as Fedora, Linux.

Our Vigil@nce team determined that the severity of this computer weakness alert is low.

The trust level is of type confirmed by the editor, with an origin of user shell.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this computer vulnerability.

Solutions for this threat 

Linux kernel: version 5.8.8.
The version 5.8.8 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v5.x/

Linux kernel: version 5.4.64.
The version 5.4.64 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v5.x/

Linux kernel: version 4.19.144.
The version 4.19.144 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/

Linux kernel: patch for xfs_attr_shortform_verify.
A patch is indicated in information sources.

Fedora 31: new kernel-headers packages.
New packages are available:
  Fedora 31: kernel-headers 5.8.6-100.fc31

Fedora 31: new kernel packages.
New packages are available:
  Fedora 31: kernel 5.8.6-101.fc31

Fedora 31: new kernel-tools packages.
New packages are available:
  Fedora 31: kernel-tools 5.8.6-200.fc31

Fedora 32: new kernel-headers packages.
New packages are available:
  Fedora 32: kernel-headers 5.8.6-200.fc32

Fedora 32: new kernel packages.
New packages are available:
  Fedora 32: kernel 5.8.6-201.fc32

Fedora 32: new kernel-tools packages.
New packages are available:
  Fedora 32: kernel-tools 5.8.6-200.fc32
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a cybersecurity alert. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.