Lucene search

K
redhatcveRedhat.comRH:CVE-2022-45885
HistoryNov 25, 2022 - 6:02 p.m.

CVE-2022-45885

2022-11-2518:02:20
redhat.com
access.redhat.com
20
linux
kernel
media subsystem
dvb core
race condition
use-after-free
vulnerability
local user
privilege escalation
mitigation
blacklisting kernel module

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB core device driver. It could occur in the dvb_frontend() function when closing the device node of dvb_frontend if the device is disconnected. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Mitigation

To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the dvb-core kernel module. For instructions on how to blacklist a kernel module, please see <https://access.redhat.com/solutions/41278&gt;.

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%