CVE-2020-11935

MEDIUM 4.4

aufs: improperly managed inode reference counts in the vfsub_dentry_open() method

CVSS Score

4.4

EPSS Score

0.0%

EPSS Percentile

0th

It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.

CWE	CWE-911
Vendor	ubuntu
Product	linux kernel (aufs filesystem module)
Published	Apr 7, 2023
Last Updated	Aug 4, 2024

Stay Ahead of the Next One

Get instant alerts for ubuntu linux kernel (aufs filesystem module)

Be the first to know when new medium vulnerabilities affecting ubuntu linux kernel (aufs filesystem module) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

Ubuntu / Linux kernel (aufs filesystem module)

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

ubuntu.com: https://ubuntu.com/security/CVE-2020-11935 bugs.launchpad.net: https://bugs.launchpad.net/bugs/1873074

Credits

Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service.