CVE-2020-14314: 
Linux Kernel vulnerability analysis and mitigation

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This vulnerability was discovered by Jay Shin of Red Hat and allows a local user to crash the system if the directory exists. The vulnerability was assigned CVE-2020-14314 and has a CVSS 3.1 base score of 5.5 (Medium) (NVD).

The vulnerability occurs in the ext4 filesystem implementation when accessing a directory with broken indexing, leading to an out-of-bounds read vulnerability. The issue specifically manifests in the do_split() function where under certain conditions with broken directory indexing, the code could attempt to access a negative array index. The bug was fixed in Linux kernel version 5.9-rc2 through a patch that guards against potential negative array indexing (Kernel Patch).

The primary impact of this vulnerability is to system availability. A local attacker with the ability to access or create directories on an ext3/ext4 filesystem could trigger the vulnerability to cause a denial of service through system crash (Red Hat Bugzilla).

The primary mitigation is to update the Linux kernel to version 5.9-rc2 or later. For systems that cannot be immediately updated, a temporary workaround is to run the command 'e2fsck -Df /partition-name' to fix any broken directories on the partition or image (Red Hat Bugzilla).