Lucene search

K
osvGoogleOSV:USN-5916-1
HistoryMar 03, 2023 - 12:59 a.m.

linux vulnerability

2023-03-0300:59:06
Google
osv.dev
17
linux
kernel
memory allocation
denial of service
code execution
vulnerability
jann horn
data structure reuse
local attacker
system crash

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0

Percentile

5.2%

Jann Horn discovered that the Linux kernel did not properly track memory
allocations for anonymous VMA mappings in some situations, leading to
potential data structure reuse. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0

Percentile

5.2%