First published: Mon Mar 02 2020(Updated: )
A flaw was discovered in the XFS source in the Linux kernel. This flaw allows an attacker with the ability to mount an XFS filesystem, to trigger a denial of service while attempting to sync a file located on an XFS v5 image with crafted metadata.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-alt | <0:4.14.0-115.29.1.el7a | 0:4.14.0-115.29.1.el7a |
redhat/kernel-rt | <0:4.18.0-240.rt7.54.el8 | 0:4.18.0-240.rt7.54.el8 |
redhat/kernel | <0:4.18.0-240.el8 | 0:4.18.0-240.el8 |
Linux Linux kernel | <=5.6.10 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 6.12.6-1 |
This flaw requires an attacker being able to have the system mount a crafted filesystem. If the xfs filesystem is not in use, the 'xfs' kernel module can be blacklisted and the module will not be loaded when the filesystem is mounted, mounting will fail. However, if this filesystem is in use, this workaround will not be suitable. To find out how to blacklist the "xfs" kernel module please see https://access.redhat.com/solutions/41278 or contact Red hat Global Support services
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)