CVE-2020-35513
MediumA flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service.
CVSS 3.1 score
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Weakness type
CWE-271CVE-2020-35513 is classified as CWE-271
See CWE-271 on MITRE CWE for full details on this weakness type.
References
The following references provide additional information about CVE-2020-35513 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
Kernel.orghttps://patchwork.kernel.org/project/linux-nfs/patch/20180403203916.GH20297%40fieldses.org/
-
PatchKernel patch commithttps://bugzilla.redhat.com/show_bug.cgi?id=1911309
Frequently asked questions
-
What is CVE-2020-35513?
CVE-2020-35513 is a Medium severity Linux kernel vulnerability with a CVSS score of 4.9 out of 10 . CVE-2020-35513 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
What is the CVSS score for CVE-2020-35513?
CVE-2020-35513 has a CVSS score of 4.9 out of 10, rated Medium severity (CVSS 3.1). The vector string is
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. -
Is there a patch available for CVE-2020-35513?
No patch is currently available for CVE-2020-35513. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
-
Is CVE-2020-35513 actively exploited?
No — CVE-2020-35513 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.