CVE-2020-36775: 
Linux Debian vulnerability analysis and mitigation

CVE-2020-36775 addresses a potential deadlock vulnerability in the Linux kernel's F2FS (Flash-Friendly File System) implementation. The vulnerability was discovered in the f2fs_write_compressed_pages() function, where improper locking mechanisms could lead to system deadlocks. This issue affects Linux kernel versions up to (excluding) 5.4.189 and versions from (including) 5.5.0 up to (excluding) 5.6.7 (NVD).

The vulnerability stems from improper locking mechanisms in the F2FS filesystem's compressed pages writing functionality. The issue occurs specifically in the f2fs_write_compressed_pages() function, which was using f2fs_lock_op() directly instead of f2fs_trylock_op(). This implementation could lead to potential deadlocks similar to those previously addressed in f2fs_write_single_data_page(). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can result in system deadlocks, potentially affecting system availability. While the vulnerability requires local access and cannot lead to information disclosure or integrity compromise, it can cause system hangs or freezes, impacting the overall system availability (NVD).

The vulnerability has been fixed by modifying the f2fs_write_compressed_pages() function to use f2fs_trylock_op() instead of f2fs_lock_op(), similar to the approach used in f2fs_write_single_data_page(). The fix has been implemented in the Linux kernel through a patch that changes the locking mechanism to prevent potential deadlocks (Kernel Patch).