History: Oct 15, 2020 - 2:45 p.m.

CVE-2020-6107

2020-10-15 14:45:08
CWE-253
talos
www.cve.org
cve-2020-6107
information disclosure
dev_read functionality
f2fs filesystem
uninitialized read
attack vector

CVSS3: 4.4

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score: 5.2
Confidence: High

EPSS: 0.001
Percentile: 39.9%

An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

CNA Affected

[
  {
    "product": "F2fs-Tools",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "F2fs-Tools F2fs.Fsck 1.13"
      }
    ]
  }
]
