CVE-2020-27815 - log

CVE-2020-27815 edited at 31 Dec 2020 11:43:28
Notes
+ The JFS kernel module witll be autoloaded when a JFS filesystem is in use, its use can be disabled by preventing the module from loading with the following instructions:
+
+ # echo "blacklist jfs" >> /etc/modprobe.d/blacklist.conf
+
+ The system will need to be restarted if the JFS module are loaded. In most circumstances, the CIFS kernel modules will be unable to be unloaded while any jfs filesystems are in use.
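Review bot: The last sentence of this note names "the CIFS kernel modules", while every other line of the note, including the blacklist command, is about JFS. It looks like a leftover from another advisory and should read "the JFS kernel module". In the same note, "witll" should be "will" and "if the JFS module are loaded" should be "if the JFS module is loaded". It is also worth stating that a "blacklist jfs" entry only suppresses automatic loading through module aliases, so an explicit "modprobe jfs" still loads the module; an "install jfs /bin/false" line in the same modprobe.d file blocks that path as well.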
CVE-2020-27815 edited at 31 Dec 2020 11:42:29
Description
- In the Linux kernel up until 5.11, there is an array-index-out-of-bounds in fs/jfs/jfs_dmap.c in dbAdjTree and it may cause out of bounds reads and denial of service.
+ In the Linux kernel up until 5.10.4, there is an array-index-out-of-bounds in fs/jfs/jfs_dmap.c in dbAdjTree and it may cause out of bounds reads and denial of service.
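Review bot: The bound "up until 5.10.4" in the new Description does not say whether 5.10.4 itself is affected, and the earlier wording used "through 5.9.6", which was inclusive. Use "before 5.10.4" if that release carries the fix, or "through 5.10.4" if it does not, so that readers can map the text to a package version without opening the referenced commit.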
References
https://www.openwall.com/lists/oss-security/2020/11/30/5
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=c61b3e4839007668360ed8b87d7da96d2e59fc6c
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c2032bf94ba4fb15db0c277614338d377fe430d2
CVE-2020-27815 edited at 15 Dec 2020 22:37:07
Description
- In the Linux kernel through 5.9.6, there is an array-index-out-of-bounds in fs/jfs/jfs_dmap.c in dbAdjTree and it may cause out of bounds reads and denial of service.
+ In the Linux kernel up until 5.11, there is an array-index-out-of-bounds in fs/jfs/jfs_dmap.c in dbAdjTree and it may cause out of bounds reads and denial of service.
CVE-2020-27815 edited at 01 Dec 2020 10:53:00
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
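Review bot: Type is set to "Arbitrary code execution", but the Description added in the same edit only claims "out of bounds reads and denial of service". Either change Type to match the impact the Description states, or extend the Description with the basis for code execution, so the two fields do not contradict each other.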
Description
+ In the Linux kernel through 5.9.6, there is an array-index-out-of-bounds in fs/jfs/jfs_dmap.c in dbAdjTree and it may cause out of bounds reads and denial of service.
References
+ https://www.openwall.com/lists/oss-security/2020/11/30/5
+ https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=c61b3e4839007668360ed8b87d7da96d2e59fc6c
Notes
CVE-2020-27815 created at 01 Dec 2020 10:50:37