Bugzilla – Bug 1177881
VUL-0: CVE-2020-6104,CVE-2020-6105,CVE-2020-6106,CVE-2020-6107,CVE-2020-6108: f2fs-tools: specially crafted f2fs filesystems can cause code execution
Last modified: 2024-07-04 12:28:29 UTC
CVE-2020-6104 An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools f2fs.fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this vulnerability. References: https://bugzilla.redhat.com/show_bug.cgi?id=1888770 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6104 http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6104.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6104 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1046 CVE-2020-6105 An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability. References: https://bugzilla.redhat.com/show_bug.cgi?id=1888773 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6105 http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6105.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6105 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1047 CVE-2020-6106 An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability. References: https://bugzilla.redhat.com/show_bug.cgi?id=1888776 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6106 http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6106.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6106 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1048 CVE-2020-6107 An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability. References: https://bugzilla.redhat.com/show_bug.cgi?id=1888780 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6107 http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6107.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6107 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1049 CVE-2020-6108 An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability. References: https://bugzilla.redhat.com/show_bug.cgi?id=1888783 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6108 http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6108.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6108 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1050
This is an autogenerated message for OBS integration: This bug (1177881) was mentioned in https://build.opensuse.org/request/show/888529 15.2 / f2fs-tools https://build.opensuse.org/request/show/888530 Backports:SLE-15-SP3 / f2fs-tools
Submissions posted.
(In reply to Jan Engelhardt from comment #2) > Submissions posted. Thanks. Fixed in all openSUSE codestreams.