CVE-2020-8992: 
Linux Kernel vulnerability analysis and mitigation

CVE-2020-8992 affects the ext4_protect_reserved_inode function in fs/ext4/block_validity.c in the Linux kernel through version 5.5.3. The vulnerability was discovered by Shijie Luo and disclosed in February 2020. The issue affects Linux kernel implementations and various systems that use the ext4 filesystem (NVD, Ubuntu).

The vulnerability occurs when the journal size is set too large via "mkfs.ext4 -J size=" or when mounting a crafted image with an oversized journal inode->i_size. The issue manifests in a loop condition "while (i < num)" that holds CPU resources for an extended period, potentially causing a soft lockup condition (Patchwork). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NetApp).

When successfully exploited, this vulnerability allows attackers to cause a denial of service (soft lockup) by crafting a malicious journal size in an ext4 filesystem image. The impact is limited to system availability, with no direct impact on confidentiality or integrity (NVD, Ubuntu).

The vulnerability has been patched by adding a cond_resched() call within the problematic loop in ext4_protect_reserved_inode. Multiple Linux distributions have released security updates to address this issue, including Ubuntu versions 14.04, 16.04, 18.04, and 19.10 (Ubuntu, Ubuntu, Ubuntu).