7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.0%
A flaw was found in the Linux kernel’s implementation of MIDI, where an
attacker with a local account and the permissions to issue ioctl commands
to midi devices could trigger a use-after-free issue. A write to this
specific memory while freed and before use causes the flow of execution to
change and possibly allow for memory corruption or privilege escalation.
The highest threat from this vulnerability is to confidentiality,
integrity, as well as system availability.
Author | Note |
---|---|
cascardo | commit 39675f7a7c7e7702f7d5341f1e0d01db746543a0 would be a pre-req. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-109.110 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-40.44 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-185.215 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1077.81 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1018.18 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1110.121 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1074.78~16.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1020.20 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure | < 4.15.0-1091.101~16.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-4.15 | < 4.15.0-1091.101 | UNKNOWN |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.0%