Veracode Vulnerability DatabaseVERACODE:39123Use-after-free
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.7%
kernel is vulnerable to Use-after-free. A user is able to trigger concurrent calls of PCM hw_params and hw_free ioctls causing race condition to happen inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.
References
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index
access.redhat.com/errata/RHSA-2022:7444
access.redhat.com/security/updates/classification/#moderate
access.redhat.com/solutions/6971358
bugzilla.redhat.com/show_bug.cgi?id=2066706
lore.kernel.org/lkml/20220322170720.3529-5-tiwai%40suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3
lore.kernel.org/lkml/[email protected]/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3
security.netapp.com/advisory/ntap-20220629-0001/
www.debian.org/security/2022/dsa-5127
www.debian.org/security/2022/dsa-5173
Related
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.7%