CVE-2020-35513 [Medium] | Denial of Service in Linux Kernel

A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-12-20	0.21%	0.32%	+0.11%
2	2025-11-24	0.04%	0.21%	+0.17%
3	2025-11-21	—	0.04%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-12-20

0.21%

0.32%

+0.11%

2025-11-24

0.04%

0.21%

+0.17%

2025-11-21

—

0.04%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.9	3.1	MEDIUM	`CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:H) They need powerful rights—admin, root, or similar—before this pays off. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	1.2	3.6	[email protected]
4.0	2.0	MEDIUM	`AV:N/AC:L/Au:S/C:N/I:N/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:S) A single authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:P) Partial availability impact.	8.0	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

4.9

3.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:H): They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N): Doesn’t really leak secrets in a meaningful way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

1.2

3.6

[email protected]

4.0

2.0

MEDIUM

AV:N/AC:L/Au:S/C:N/I:N/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:S): A single authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:P): Partial availability impact.

8.0

2.9

[email protected]

OS Trackers for CVE-2020-35513

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2020-35513 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2020-35513
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2020-35513
`suse`	medium	CVE-2020-35513 severity moderate: SUSE including 27 source package names (bpftool-3.10.0-1160.15.2.el7, kernel-3.10.0-1160.15.2.el7, …), 259 product×package rows across 55 product lines (HPE Helion OpenStack 8, SUSE CaaS Platform 4.0, … (55 product lines)): Known Not Affected 246, Fixed 13.	https://www.suse.com/security/cve/CVE-2020-35513/
`ubuntu`	low	CVE-2020-35513 low priority: Ubuntu including 41 source packages (linux, linux-aws, …), 246 status rows across 6 suites (bionic, focal, groovy, trusty, upstream, xenial): DNE 136, released 48, not-affected 40, ignored 22.	https://ubuntu.com/security/CVE-2020-35513

Affected software / configurations for CVE-2020-35513

Vendor	Product	Version	Raw CPE
linux	linux_kernel	4.2	cpe:2.3:o:linux:linux_kernel:4.2:::::::*
redhat	enterprise_linux	7.0	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

References for CVE-2020-35513

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1911309	Issue Tracking Patch Third Party Advisory
https://patchwork.kernel.org/project/linux-nfs/patch/20180403203916.GH20297%40fieldses.org/

URL

CVE-2020-35513

Exploit prediction scoring system (EPSS) score for CVE-2020-35513

Common vulnerability scoring system (CVSS) metrics for CVE-2020-35513

Weakness enumeration for CVE-2020-35513

OS Trackers for CVE-2020-35513

Affected software / configurations for CVE-2020-35513

References for CVE-2020-35513