Main Vulnerability Database Vulnerabilities #VU47657

#VU47657 External Control of File Name or Path in F2fs.Fsck - CVE-2020-6105

Published: October 15, 2020

Vulnerability identifier: #VU47657

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-6105

CWE-ID: CWE-73

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
F2fs.Fsck

Software vendor:
F2fs-Tools

Description

The vulnerability allows a local user to delete arbitrary files.

The vulnerability exists due to application allows an attacker to control path of the files to delete in the multiple devices functionality. A local administrator can use a specially crafted f2fs filesystem and delete arbitrary files on the system, leading to arbitrary code execution.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1047