Описание
The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Release NotesVendor Advisory
- Issue TrackingPatchThird Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.1 (исключая)
cpe:2.3:o:google:fuchsia:*:*:*:*:*:*:*:*
EPSS
Процентиль: 3%
0.00016
Низкий
5.3 Medium
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-190
CWE-190
Связанные уязвимости
CVSS3: 7.8
github
почти 4 года назад
The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond.
EPSS
Процентиль: 3%
0.00016
Низкий
5.3 Medium
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-190
CWE-190