Lucene search

K
redosRedosROS-20220413-01
HistoryApr 13, 2022 - 12:00 a.m.

ROS-20220413-01

2022-04-1300:00:00
redos.red-soft.ru
42

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.003 Low

EPSS

Percentile

70.0%

Vulnerability in drivers/usb/gadget/composite.c driver of Linux kernel is related to an operation exceeding the memory buffer boundaries.
operation outside of a buffer in memory. Exploitation of the vulnerability could allow an attacker to execute
arbitrary code

Vulnerability in the implementation of close() and fget() functions of Linux kernels is related to the use of memory after its release by the “collector”.
memory after it has been freed by the garbage collector. Exploitation of the vulnerability could allow an attacker to
cause a denial of service or escalate privileges

A vulnerability in the implementation of the tc_new_tfilter() function of the Linux kernel is related to the use of memory after it has been freed by the “garbage collector”.
memory after it has been freed. Exploitation of the vulnerability could allow an attacker to escalate their
privileges by using the user namespace (user namespace)

A vulnerability in the Linux kernel is related to the lack of permission checking in the cgroups function
function when writing to a file descriptor. Exploitation of the vulnerability could allow an attacker controlling
a low-privileged process to force a parent process with higher privileges to write
arbitrary data to files, which could result in a denial of service or privilege escalation

A vulnerability in the driver drivers/usb/gadget/function/rndis.c driver of the Linux operating system kernel is related to
information disclosure. Exploitation of the vulnerability could allow an attacker to gain unauthorized
access to protected information

Vulnerability of esp4 and esp6 modules of Linux operating system kernel is related to the operation exceeding the boundaries of a buffer in memory.
buffer in memory. Exploitation of the vulnerability could allow an attacker to escalate his privileges

Vulnerability in TCP/IP protocol stack implementation of the kernel of Linux operating systems is related to
errors in processing ICMPv6 packets. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
remotely to cause a denial of service

Vulnerability of the nf_tables module of the netfilter subsystem of the Linux kernel is related to the output of the
write operation out of buffer boundaries in memory during index processing. Exploitation of the vulnerability could
allow an attacker to escalate privileges by using calls to unshare(CLONE_NEWUSER) or
unshare(CLONE_NEWNET)

The vulnerability of the nf_tables module of the netfilter subsystem of the Linux kernel is related to the use of the following
uninitialized nft_do_chain pointer. Exploitation of the vulnerability could allow an attacker to
gain unauthorized access to protected information Vendor

A vulnerability in the watch_queue component of the Linux operating system kernel is related to writing beyond buffer boundaries
in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code with the privileges of
root

Vulnerability in the implementation of function nft_fwd_dup_netdev_offload() of the netfilter subsystem of the kernel of operating systems
Linux is related to the write operation exceeding the buffer boundaries in memory. Exploiting the vulnerability could
allow an attacker to escalate privileges or cause a denial of service

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64kernel-lt<= 5.15.10-4UNKNOWN

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.003 Low

EPSS

Percentile

70.0%