6.4 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
32.2%
A use-after-free flaw was found in the Linux Kernel. This issue occurs due to a race between cm4040_open() and reader_detach() in drivers/char/pcmcia/cm4040_cs.c when a physically proximate attacker removes a PCMCIA device while calling open().
This flaw can be mitigated by preventing the affected CardMan 4040 kernel module from loading during the boot time, ensure the module is added into the blacklist file.
Refer:
How do I blacklist a kernel module to prevent it from loading automatically?
https://access.redhat.com/solutions/41278