CVE-2020-27815

Severity Medium
Remote No
Type Arbitrary code execution
Description
In the Linux kernel up until 5.10.4, there is an array index out-of-bounds access in dbAdjTree in fs/jfs/jfs_dmap.c, which may cause out-of-bounds reads and denial of service.
Group     Package  Affected        Fixed           Severity  Status  Ticket
AVG-1394  linux    5.10.3.arch1-1  5.10.4.arch1-1  Medium    Fixed
References
https://www.openwall.com/lists/oss-security/2020/11/30/5
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c2032bf94ba4fb15db0c277614338d377fe430d2
Notes
The JFS kernel module will be autoloaded when a JFS filesystem is in use. Its use can be disabled by preventing the module from loading with the following instructions:

# echo "blacklist jfs" >> /etc/modprobe.d/blacklist.conf

The system will need to be restarted if the JFS module is loaded. In most circumstances, the CIFS kernel modules cannot be unloaded while any JFS filesystems are in use.
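To check whether the blacklist described in the notes has actually taken effect on a host, the following is an added example and not part of the original advisory. The function names and the four status words are hypothetical; the paths default to /proc/modules, /proc/mounts and /etc/modprobe.d.

```shell
#!/bin/sh
# Added example: report the state of the "blacklist jfs" mitigation.
# Path arguments default to the live system; pass other paths to test.

# True if the jfs module is currently resident (/proc/modules format).
jfs_module_loaded() {
    grep -q '^jfs ' "${1:-/proc/modules}" 2>/dev/null
}

# True if any mounted filesystem has type jfs (/proc/mounts format).
jfs_mounted() {
    awk '$3 == "jfs" { found = 1 } END { exit !found }' \
        "${1:-/proc/mounts}" 2>/dev/null
}

# True if an uncommented "blacklist jfs" line exists in any *.conf file.
jfs_blacklisted() {
    dir="${1:-/etc/modprobe.d}"
    [ -d "$dir" ] || return 1
    cat "$dir"/*.conf 2>/dev/null |
        grep -Eq '^[[:space:]]*blacklist[[:space:]]+jfs[[:space:]]*$'
}

# Prints one word: in-use, exposed, reboot-needed or mitigated.
jfs_mitigation_status() {
    modules="${1:-/proc/modules}"
    mounts="${2:-/proc/mounts}"
    conf="${3:-/etc/modprobe.d}"
    if jfs_mounted "$mounts"; then
        echo in-use          # module cannot be unloaded while JFS is mounted
    elif ! jfs_blacklisted "$conf"; then
        echo exposed         # nothing stops the module from autoloading
    elif jfs_module_loaded "$modules"; then
        echo reboot-needed   # blacklisted, but still resident until restart
    else
        echo mitigated
    fi
}

# Constructed sample state: module resident, no JFS mounted, blacklist set.
demo=$(mktemp -d)
mkdir "$demo/modprobe.d"
printf 'jfs 233472 0 - Live 0x0000000000000000\n' > "$demo/modules"
printf '/dev/sda1 / ext4 rw,relatime 0 0\n' > "$demo/mounts"
echo 'blacklist jfs' > "$demo/modprobe.d/blacklist.conf"
jfs_mitigation_status "$demo/modules" "$demo/mounts" "$demo/modprobe.d"  # reboot-needed
rm -rf "$demo"
```

Run `jfs_mitigation_status` with no arguments to evaluate the live system.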