Lucene search

K
osv
GoogleOSV:ASB-A-170658976
HistoryJan 01, 2021 - 12:00 a.m.

flaw in Linux kernel's implementation of Userspace core dumps

2021-01-0100:00:00
Google
osv.dev
23

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

5.4 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

0.001 Low

EPSS

Percentile

16.4%

In fill_thread_core_info of binfmt_elf.c, there is a possible leak of kernel heap memory due to uninitialized data. This could lead to local information disclosure to an application core dump with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
:linux_kernel:eqKernel
How to protect your server from attacks?

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

5.4 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

0.001 Low

EPSS

Percentile

16.4%

Related for OSV:ASB-A-170658976