Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:23898
HistoryApr 10, 2020 - 12:39 a.m.

Privilege Escalation

2020-04-1000:39:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17

6.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

kernel is vulnerable to privilege escalation. The vulnerability exists as permission issues were found in the megaraid_sas driver. The “dbg_lvl” and “poll_mode_io” files on the sysfs file system (“/sys/”) had world-writable permissions. This could allow local, unprivileged users to change the behavior of the driver.

References

6.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C