CVE-2020-27815

NameCVE-2020-27815
DescriptionA flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2557-1, DLA-2586-1, DSA-4843-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)bullseye5.10.223-1fixed
bullseye (security)5.10.226-1fixed
bookworm6.1.115-1fixed
bookworm (security)6.1.119-1fixed
sid, trixie6.11.10-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcestretch4.9.258-1DLA-2586-1
linuxsourcebuster4.19.171-2DSA-4843-1
linuxsource(unstable)5.10.4-1
linux-4.19sourcestretch4.19.171-2~deb9u1DLA-2557-1

Notes

https://www.openwall.com/lists/oss-security/2020/11/30/5

Search for package or bug name: Reporting problems