Lucene search

K
redhatcveRedhat.comRH:CVE-2021-37159
HistoryJul 23, 2021 - 1:50 p.m.

CVE-2021-37159

2021-07-2313:50:14
redhat.com
access.redhat.com
81

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.4 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

48.4%

A flaw use-after-free in the Linux kernel USB High Speed Mobile Devices functionality was found in the way user detaches USB device. A local user could use this flaw to crash the system or escalate their privileges on the system.

Mitigation

To mitigate this issue, prevent the module hso from being loaded. Please see <https://access.redhat.com/solutions/41278&gt; for information on how to blacklist a kernel module to prevent it from loading automatically.

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.4 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

48.4%