CVE-2020-12655
Published: 5 May 2020
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767.
From the Ubuntu Security Team
It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-115.116)
|
eoan |
Ignored
(end of life)
|
|
focal |
Released
(5.4.0-45.49)
|
|
groovy |
Not vulnerable
(5.8.0-16.17)
|
|
hirsute |
Not vulnerable
(5.8.0-36.40+21.04.1)
|
|
trusty |
Ignored
(was needed ESM criteria)
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Released
(4.4.0-222.255)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1080.84)
|
eoan |
Ignored
(end of life)
|
|
focal |
Released
(5.4.0-1022.22)
|
|
groovy |
Not vulnerable
(5.8.0-1004.4)
|
|
hirsute |
Not vulnerable
(5.8.0-1018.20+21.04.1)
|
|
trusty |
Released
(4.4.0-1102.107)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Released
(4.4.0-1138.152)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1033.35)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1022.22~18.04.1)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Released
(4.15.0-1080.84~16.04.1)
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Ignored
(end of life)
|
|
focal |
Released
(5.4.0-1023.23)
|
|
groovy |
Not vulnerable
(5.8.0-1004.4)
|
|
hirsute |
Not vulnerable
(5.8.0-1016.17+21.04.1)
|
|
trusty |
Released
(4.15.0-1093.103~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Released
(4.15.0-1093.103~16.04.1)
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1093.103)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1035.36)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1023.23~18.04.1)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-dell300x Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1005.8)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Ignored
(end of life)
|
|
focal |
Released
(5.4.0-1022.22)
|
|
groovy |
Not vulnerable
(5.8.0-1002.2)
|
|
hirsute |
Not vulnerable
(5.8.0-1015.15+21.04.1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Released
(4.15.0-1081.92~16.04.1)
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1081.92)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needed)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1022.22~18.04.1)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1067.70)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support, was needed)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1033.35)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-gke-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-1025.25~18.04.1)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-gkeop Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.4.0-1008.9)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-gkeop-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-1001.1)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-65.59)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Released
(4.15.0-115.116~16.04.1)
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-45.49~18.04.2)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-hwe-5.8 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.8.0-23.24~20.04.1)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Ignored
(end of life, was needs-triage)
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1072.73)
|
eoan |
Ignored
(end of life)
|
|
focal |
Released
(5.4.0-1021.21)
|
|
groovy |
Not vulnerable
(5.8.0-1001.1)
|
|
hirsute |
Not vulnerable
(5.8.0-1010.11+21.04.1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Released
(4.4.0-1103.112)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Released
(4.4.0-222.255~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1094.104)
|
eoan |
Ignored
(end of life)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
linux-oem-5.10 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Not vulnerable
(5.10.0-1008.9)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Released
(5.6.0-1031.32)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support, was needed)
|
eoan |
Ignored
(end of life)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1051.55)
|
eoan |
Ignored
(end of life)
|
|
focal |
Released
(5.4.0-1022.22)
|
|
groovy |
Not vulnerable
(5.8.0-1001.1)
|
|
hirsute |
Not vulnerable
(5.8.0-1014.14+21.04.1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Released
(4.15.0-1051.55~16.04.1)
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needed)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1022.22~18.04.1)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-raspi Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Released
(5.4.0-1016.17)
|
|
groovy |
Not vulnerable
(5.4.0-1016.17)
|
|
hirsute |
Not vulnerable
(5.8.0-1008.11+21.04.1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.4.0-1016.17~18.04.1)
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1068.72)
|
eoan |
Ignored
(end of life)
|
|
focal |
Ignored
(end of life, was needs-triage)
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Ignored
(end of standard support, was needed)
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1032.34)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-riscv Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
focal |
Released
(5.4.0-31.35)
|
|
groovy |
Not vulnerable
(5.8.0-1.1)
|
|
hirsute |
Not vulnerable
(5.8.0-10.12+21.04.1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1084.92)
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.7~rc1)
|
|
xenial |
Ignored
(end of standard support, was needed)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References
- https://git.kernel.org/linus/d0c7feaf87678371c2c09b3709400be416b2dc62 (5.7-rc1)
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0c7feaf87678371c2c09b3709400be416b2dc62
- https://github.com/torvalds/linux/commit/d0c7feaf87678371c2c09b3709400be416b2dc62
- https://lore.kernel.org/linux-xfs/20200221153803.GP9506@magnolia/
- https://ubuntu.com/security/notices/USN-4465-1
- https://ubuntu.com/security/notices/USN-4483-1
- https://ubuntu.com/security/notices/USN-4485-1
- https://ubuntu.com/security/notices/USN-5343-1
- https://www.cve.org/CVERecord?id=CVE-2020-12655
- NVD
- Launchpad
- Debian