6.4 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
32.2%
A possible race condition was found in drivers/char/pcmcia/cm4000_cs.c between the cmm_open() and the cm4000_detach() functions if the user physically removes the PCMCIA device in the Linux kernel. This flaw may eventually result in a use-after-free (UAF) flaw.
This flaw can be mitigated by preventing the affected CardMan Mobile 4000 kernel module from loading during the boot time. Ensure the module is added into the blacklist file.
Refer:
How do I blacklist a kernel module to prevent it from loading automatically?
https://access.redhat.com/solutions/41278