Lucene search

K
redosRedosROS-20240418-07
HistoryApr 18, 2024 - 12:00 a.m.

ROS-20240418-07

2024-04-1800:00:00
redos.red-soft.ru
6
linux kernel
component
vulnerability
integrity
arbitrary code
unauthorized access
sensitive information
denial of service

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

7.6

Confidence

High

EPSS

0

Percentile

15.5%

A vulnerability in the idxd: component of the Linux operating system kernel is related to pasid writing when the
device. Exploitation of the vulnerability could allow an attacker to impact the integrity of the
protected information

A vulnerability in the nftables: component of the Linux kernel is related to memcpy() interruption
function when connlimit is used on set elements. Exploitation of the vulnerability could allow an attacker to
execute arbitrary code

A vulnerability in the idxd: component of the Linux operating system kernel is related to the ability to make changes,
when the device is enabled but wq is disabled. Exploitation of the vulnerability could allow an attacker to execute
arbitrary code

Vulnerability in the net: component of the Linux kernel is related to the generation of a dereference of the
NULL pointer of tcp_available_congestion_control and tcp_allowed_congestion_control. Exploitation
of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the idxd: component of the Linux operating system kernel is related to a lack of register clearing
WQCFG. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to the
protected information

Vulnerability in the idxd: component of the Linux operating system kernel is related to the generation of dereferencing of the
NULL pointer during ethtool loopback test execution. Exploitation of the vulnerability could allow
an attacker to cause a denial of service

A vulnerability in the idxd: component of the Linux operating system kernel is related to overwriting the SWERR and
OVERFLOW. Exploitation of the vulnerability could allow an attacker to disclose sensitive information

Vulnerability in ch_ktls: component of Linux kernel is related to lack of synchronization locking.
synchronization. Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the ixgbe: component of the Linux operating system kernel is related to resource release errors.
Exploitation of the vulnerability could allow an attacker to cause a denial of service

Vulnerability in the nft_limit_init div_u64() function of the Linux kernel is related to the lack of
verification of correctness of mathematical operations. Exploitation of the vulnerability could allow
an attacker to cause a denial of service

Vulnerability in the kmap_local() function of a Linux kernel is related to doubling the number of slots of the
fixmap slots for each processor allocated to kmap_local(). Exploitation of the vulnerability could allow
an attacker to cause a denial of service

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64kernel-lt< 5.15.10-1UNKNOWN

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

7.6

Confidence

High

EPSS

0

Percentile

15.5%