Lucene search

K
redosRedosROS-20240813-03
HistoryAug 13, 2024 - 12:00 a.m.

ROS-20240813-03

2024-08-1300:00:00
redos.red-soft.ru
12
linux kernel
driver functions
pointer dereferencing
memory usage
arbitrary code execution
denial of service
confidentiality
integrity
availability

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

Vulnerability of the user_sdma_txadd function of the Infiniband driver of the Linux kernel is related to a pointer dereferencing error.
pointer dereferencing error. Exploitation of the vulnerability could allow an attacker acting remotely,
execute arbitrary code

Vulnerability of the i2c_put_adapter() function in the drivers/i2c/i2c-core-base.c module of the I2C bus driver of the I2C kernel of the
of the Linux operating system is related to memory usage after it is freed. Exploitation
exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of protected information.
availability of protected information

Vulnerability of thunderx_ocx_com_threaded_isr() function in drivers/edac/thunderx_edac.c module of EDAC driver
(Error Detection and Correction) driver of the Linux kernel is related to memory writes outside the allocated buffer.
of the allocated buffer. Exploitation of the vulnerability could allow an attacker to impact the
confidentiality, integrity and availability of protected information

Vulnerability of the kv_parse_power_table function of the PM Driver component of the Linux kernel is related to memory usage after its release.
memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to
execute arbitrary code

Vulnerability of vgic_its_check_cache() function in arch/arm64/kvm/vgic/vgic-its.c module of Kernel virtualization subsystem.
of Kernel-based Virtual Machine (KVM) virtualization subsystem of Linux kernel is related to
memory utilization after it has been freed. Exploitation of the vulnerability could allow an attacker to have an impact on the confidentiality, integrity, and security of the virtualization system.
affect confidentiality, integrity and availability of protected information

Vulnerability of_syscon_register function of MFD driver of Linux kernel is related to a pointer dereferencing error.
pointer dereferencing error. Exploitation of the vulnerability could allow an attacker to cause a denial of service

Vulnerability of check_stack_write_fixed_off() function in kernel/bpf/verifier.c module of Linux kernel is related to incorrect pointer dereferencing.
Linux kernel is related to incorrect case checking. Exploitation of the vulnerability could allow
an intruder to affect the integrity of protected information

Vulnerability of the function finish_mount_kattr() of the mount_kattr component of the Linux kernel is related to
a bug in the finish_mount_kattr() function. Exploitation of the vulnerability could allow an attacker to
obtain confidential information

Vulnerability in functions map_usb_set_vbus() and omap_usb_start_srp() in module drivers/phy/ti/phy-omap-usb2.c
of the TI (Texas Instruments) USB device driver of the Linux kernel is related to the dereferencing of a null pointer.
of a null pointer. Exploitation of the vulnerability could allow an attacker to cause a denial of service

Vulnerability of the binder_enqueue_thread_work_ilocked() function in the drivers/android/binder.c module of the drivers/android/binder.c kernel of the Linux operating system is related to uncontrolled pointer dereferencing.
in the drivers/android/binder.c module of the Linux kernel is associated with uncontrolled resource consumption. Exploitation of the vulnerability could
allow an attacker acting remotely to cause a denial of service

Vulnerability in the moxart_remove function of the moxart component of the Linux kernel is related to the following
memory usage after memory freeing. Exploitation of the vulnerability could allow an attacker to cause
affect confidentiality, integrity and availability of protected information

Vulnerability in AMD Radeon graphics card driver of Linux kernel is related to the dereferencing of the
null pointer in the radeon_crtc_init() function in the drivers/gpu/drm/radeon/radeon_display.c module.
Exploitation of the vulnerability could allow an attacker to cause a denial of service

Vulnerability of rmnet_fill_info() function in drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c module
MAP (Multiplexing and Aggregation Protocol) implementation of the Qualcomm NIC driver of the kernel of the
of the Linux operating system is related to reading memory outside the allocated buffer. Exploitation
exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity and availability of protected information.
availability of protected information

Vulnerability of the sys_membarrier function of the membarrier component of the Linux operating system kernel is associated with
uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
remotely to cause a denial of service

Vulnerability of efivarfs_reconfigure() function in the fs/efivarfs/super.c module of the EFI Variable file system
Filesystem of the Linux operating system kernel is related to null pointer dereferencing. Exploitation
exploitation of the vulnerability could allow an intruder to affect the integrity and availability of protected information.
information

Vulnerability of ext4 filesystem of Linux operating system kernel is related to memory usage after its release due to competitive access to protected information.
memory after it has been freed due to competitive access to a resource (race condition). Exploitation of the vulnerability could
allow an attacker to impact the confidentiality, integrity, and availability of protected
information

The vulnerability of the restore_fpregs_from_user() function in the arch/x86/kernel/fpu/signal.c module of the FPU driver of the kernel of the
of the Linux operating system is related to insufficient control of user data admissibility.
Exploitation of the vulnerability could allow an intruder to impact the confidentiality,
integrity and availability of protected information

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64kernel-lt< 6.1.94-1UNKNOWN

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

Low