VDB
CVE-2020-35513
CVE-2020-35513
PUBLISHED
A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service.
EPSS 0.32% · 55.1th percentile
Risk Scores
EPSS Score
0.32%
55.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:14.04:LTS | linux-azure | 4.15.0-1092.102~14.04.1, 4.15.0-1091.101~14.04.1, 4.15.0-1089.99~14.04.1 |
| Ubuntu:18.04:LTS | linux-azure | 5.0.0-1018.19~18.04.1, *, 4.15.0-1014.14 |
| Ubuntu:18.04:LTS | linux-raspi2 | 0, 4.13.0-1005.5, 4.13.0-1006.6 |
| Ubuntu:18.04:LTS | linux-aws | 4.15.0-1005.5, 4.15.0-1003.3, 4.15.0-1001.1 |
| Ubuntu:20.04:LTS | linux-riscv | 5.4.0-26.30, 5.4.0-24.28, 5.4.0-40.45 |
| Ubuntu:18.04:LTS | linux-hwe | 5.0.0-37.40~18.04.1, 5.3.0-26.28~18.04.1, 5.3.0-28.30~18.04.1 |
| Ubuntu:Pro:14.04:LTS | linux-lts-xenial | *, 0, 4.4.0-13.29~14.04.1 |
| Ubuntu:Pro:14.04:LTS | linux-aws | 4.4.0-1138.144, 4.4.0-1136.142, 4.4.0-1135.141 |
| Ubuntu:18.04:LTS | linux-oracle-5.0 | 5.0.0-1013.18, 5.0.0-1014.19, * |
| Ubuntu:18.04:LTS | linux-gcp-5.3 | 5.3.0-1030.32~18.04.1, 5.3.0-1032.34~18.04.1, * |
| Ubuntu:18.04:LTS | linux-gcp | 4.15.0-1024.25, 4.15.0-1026.27, 4.15.0-1027.28 |
| Ubuntu:18.04:LTS | linux-oracle-5.3 | *, 5.3.0-1030.32~18.04.1, 5.3.0-1028.30~18.04.1 |
| Ubuntu:18.04:LTS | linux-azure-5.3 | 5.3.0-1022.23~18.04.1, 5.3.0-1028.29~18.04.1, 5.3.0-1031.32~18.04.1 |
| Ubuntu:18.04:LTS | linux-aws-5.3 | *, 5.3.0-1033.35, 5.3.0-1032.34~18.04.2 |
| Ubuntu:18.04:LTS | linux-hwe-edge | 5.0.0-15.16~18.04.1, 0, 5.3.0-23.25~18.04.2 |
| Ubuntu:18.04:LTS | linux-azure-edge | 4.18.0-1006.6~18.04.1, 5.0.0-1012.12~18.04.2, * |
| Ubuntu:18.04:LTS | linux-kvm | 4.15.0-1003.3, 4.15.0-1002.2, 0 |
| Ubuntu:16.04:LTS | linux-hwe | *, 0, 4.8.0-36.36~16.04.1 |
| Ubuntu:16.04:LTS | linux-hwe-edge | 4.13.0-19.22~16.04.1, 4.13.0-17.20~16.04.1, 4.13.0-16.19~16.04.3 |
| Ubuntu:Pro:14.04:LTS | linux | 3.13.0-113.160, 0, 3.11.0-12.19 |
…and 7 more
Timeline
- Jan 25, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-35513 third-party-advisory
- https://git.kernel.org/linus/880a3a5325489a143269a8e172e7563ebf9897bc third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-35513 third-party-advisory