aufs: improperly managed inode reference counts in the vfsub_dentry_open() method
CVE-2020-11935

4.4MEDIUM

Key Information:

Vendor: Ubuntu
Status: Linux Kernel (aufs Filesystem Module)
Vendor: CVE Published:; 7 April 2023

What is CVE-2020-11935?

It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.

Affected Version(s)

Linux kernel (aufs filesystem module) 4.4.0-186.216 < 4.4*

Linux kernel (aufs filesystem module) 4.15.0-112.113 < 4.15*

Linux kernel (aufs filesystem module) 5.4.0-42.46 < 5.4*

References

https://ubuntu.com/security/CVE-2020-11935

vendor-advisory

https://bugs.launchpad.net/bugs/1873074

vendor-advisory

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2023
Vulnerability Reserved
Apr 20, 2020

Credit

Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service.

Ubuntu

What is CVE-2020-11935?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit