SB2020101506 - Multiple vulnerabilities in F2fs-Tools F2fs.Fsck
Published: October 15, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2020-6104)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the "get_dnode_of_data" functionality. A local administrator can use a specially crafted f2fs filesystem, trigger out-of-bounds read error and read contents of memory on the system.
2) Out-of-bounds write (CVE-ID: CVE-2020-6108)
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error in the "fsck_chk_orphan_node" functionality. A local administrator can use a specially crafted f2fs filesystem, trigger out-of-bounds write and execute arbitrary code on the target system.
3) Information disclosure (CVE-ID: CVE-2020-6107)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the "dev_read" functionality. A local administrator can use a specially crafted f2fs filesystem and gain unauthorized access to sensitive information on the system.
4) Out-of-bounds read (CVE-ID: CVE-2020-6106)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the "init_node_manager" functionality. A local administrator can use a specially crafted filesystem, trigger out-of-bounds read error and read contents of memory on the system.
5) External Control of File Name or Path (CVE-ID: CVE-2020-6105)
The vulnerability allows a local user to delete arbitrary files.
The vulnerability exists due to application allows an attacker to control path of the files to delete in the multiple devices functionality. A local administrator can use a specially crafted f2fs filesystem and delete arbitrary files on the system, leading to arbitrary code execution.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1046
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1050
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1049
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1048
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1047