5.1 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
20.4%
kernel is vulnerable to Use-after-free. A race condition between the VT_DISALLOCATE
ioctl and closing/opening of ttys could lead to a use-after-free resulting in an application crash.
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/
access.redhat.com/errata/RHSA-2021:1578
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=2112688
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca4463bf8438b403596edd0ec961ca0d4fbe0220
5.1 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
20.4%