Lucene search

K
redosRedosROS-20240820-09
HistoryAug 20, 2024 - 12:00 a.m.

ROS-20240820-09

2024-08-2000:00:00
redos.red-soft.ru
6
linux kernel
vulnerability
memory usage
denial of service
confidentiality
integrity
availability
attacker
impact
exploit
component
information security

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

Vulnerability of mutex_unlock() function in spi component of Linux kernel is related to
memory usage after mutex add_lock is released. Exploitation of the vulnerability could allow
an intruder to affect confidentiality, integrity and availability of protected information

The vulnerability of the ip_route_use_hint() function in the ipv4 component of the Linux operating system kernel is related to
null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of
denial of service

Vulnerability of qla2x00_els_dcmd_sp_free() function in drivers/scsi/qla2xxx/qla_iocb.c module of QLogic driver
QLA2XXX of the Linux operating system kernel is related to the re-release of previously freed memory.
Exploitation of the vulnerability could allow an attacker to cause a denial of service or other
impact

Vulnerability of the interface_authorized_store() function in the drivers/usb/core/sysfs.c module of the USB driver module of the kernel of the Linux operating system is related to infinite cycling of memory.
of the Linux operating system is related to an infinite resource wait cycle. Exploitation of the vulnerability could
allow an attacker to affect the confidentiality, integrity, and availability of protected information
information

Vulnerability of synchronize_rcu() function in ipset component of Linux operating system kernel is related to
performance degradation in swap operation. Exploitation of the vulnerability could allow an attacker to
affect confidentiality, integrity and availability of protected information

Vulnerability of do_sys_name_to_handle() function in kernel-infoleak component of Linux operating system kernel
is related to a kernel information leak in do_sys_name_to_handle(). Exploitation of the vulnerability could allow
an intruder to affect confidentiality, integrity and availability of protected information

Vulnerability of nci_free_device() function in module net/nfc/nci/data.c of NFC Controller Interface implementation
(NCI) kernel of the Linux operating system is related to rx_data_reassembly package leak. Exploitation
the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the lpfc_mbx_cmpl_fc_reg_login() function in the drivers/scsi/lpfc/lpfc_hbadisc.c module of the drivers/scsi/lpfc/lpfc_hbadisc.c kernel of the
of the Linux operating system is related to the reuse of previously freed memory. Exploitation
exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity and availability of protected information.
availability of protected information

A vulnerability in the dm_sw_fini() function in the drivers/gpu/drm/amd/display/amdgppu_dm/amdgpu_dm.c module of the driver
The Linux operating system kernel amdgpu is associated with a memory leak. Exploitation of the vulnerability could allow
an attacker to disclose protected information

A vulnerability in the rfcomm component of the Linux kernel is related to null pointer dereferencing.
pointer. Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the mediatek component of the Linux operating system kernel is related to power domain registration
first by genpd and then by the driver attempting to include them in the probing sequence,
then a race condition occurs. Exploitation of the vulnerability could allow an attacker to impact the
confidentiality, integrity, and availability of protected information

A vulnerability in the pm80xx component of the Linux operating system kernel is related to the driver’s inability to
to free all allocated memory. Exploitation of the vulnerability could allow an attacker to cause a denial of
denial of service

A vulnerability in the cfg80211_change_iface() function in the net/wireless/util.c module of a Linux operating system kernel
is related to incorrect data initialization. Exploitation of the vulnerability could allow an attacker to cause
affect confidentiality, integrity and availability of protected information

Vulnerability of the set_eth_seg() function in the drivers/infiniband/hw/mlx5/wr.c module of the Mellanox 5th
5th generation network adapters (ConnectX series) driver of Linux kernel is related to writing outside the allocated buffer.
outside of the allocated buffer. Exploitation of the vulnerability could allow an attacker to impact the
confidentiality, integrity and availability of protected information

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64kernel-lt< 6.1.94-1UNKNOWN

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low