CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%
A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB core device driver. It could occur in the dvb_frontend() function when closing the device node of dvb_frontend if the device is disconnected. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the dvb-core
kernel module. For instructions on how to blacklist a kernel module, please see <https://access.redhat.com/solutions/41278>.