CVE-2020-14314

Public on 2020-09-15

Modified on 2020-10-27

Description

A memory out-of-bounds read flaw was found in the Linux kernel's ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.

Severity

Medium

See what this means

CVSS v3 Base Score

5.5

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	kernel	2020-10-26 18:08	ALAS-2020-1437
Amazon Linux 2 - Core	kernel	2020-09-28 20:57	ALAS2-2020-1495
Amazon Linux 2 - Kernel-5.4 Extra	kernel	2022-01-20 19:31	ALAS2KERNEL-5.4-2022-016

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD	CVSSv3	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD	CVSSv2	2.1	AV:L/AC:L/Au:N/C:N/I:N/A:P

References

Red Hat: CVE-2020-14314 Mitre: CVE-2020-14314 FAQs regarding Amazon Linux ALAS/CVE Severity