An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel. An attacker who is able to mount a xfs filesystem can trigger a denial of service while attempting to sync a file located an XFS v5 image with crafted metadata. Reference and upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0c7feaf87678371c2c09b3709400be416b2dc62 https://lore.kernel.org/linux-xfs/20200221153803.GP9506@magnolia/
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1832545]
Mitigation: This flaw requires an attacker being able to have the system mount a crafted filesystem. If the xfs filesystem is not in use, the 'xfs' kernel module can be blacklisted and the module will not be loaded when the filesystem is mounted, mounting will fail. However, if this filesystem is in use, this workaround will not be suitable. To find out how to blacklist the "xfs" kernel module please see https://access.redhat.com/solutions/41278 or contact Red hat Global Support services
Statement: This issue is rated as having Low impact because of the preconditions needed to trigger it (administrative account or physical access).
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3545 https://access.redhat.com/errata/RHSA-2020:3545
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12655
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4609 https://access.redhat.com/errata/RHSA-2020:4609