A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.
NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.
|Base Score:||5.5||Base Metrics:||AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H|
|Access Vector:||Local network||Attack Complexity:||Low|
|Privileges Required:||Low||User Interaction:||None|
|Integrity Impact:||None||Availability Impact:||High|
|Oracle Linux version 7 (kernel)||ELSA-2020-5437||2020-12-16|
|Oracle Linux version 7 (kernel-uek)||ELSA-2020-5884||2020-10-12|
|Oracle Linux version 7 (kernel-uek)||ELSA-2020-5913||2020-11-10|
|Oracle Linux version 8 (kernel)||ELSA-2020-4286||2020-10-21|
|Oracle Linux version 8 (kernel-uek)||ELSA-2020-5884||2020-10-12|
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team