Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2021-3923
HistoryMar 27, 2023 - 9:15 p.m.

CVE-2021-3923

2023-03-2721:15:09
Debian Security Bug Tracker
security-tracker.debian.org
16
cve-2021-3923
kernel
privileged account
local access
information leakage
rdma
infiniband
device node
kernel protection
unix

CVSS3

2.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS

0

Percentile

9.0%

A flaw was found in the Linux kernel’s implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.

CVSS3

2.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS

0

Percentile

9.0%