CVE-2022-0487

Опубликовано: 04 фев. 2022

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=2044561
Issue Tracking
Patch
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42933c8aa14be1caa9eda41f65cde8a3a95d3e39
Mailing List
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Mailing List
Third Party Advisory
https://www.debian.org/security/2022/dsa-5095
Third Party Advisory
https://www.debian.org/security/2022/dsa-5096
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2044561
Issue Tracking
Patch
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42933c8aa14be1caa9eda41f65cde8a3a95d3e39
Mailing List
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Mailing List
Third Party Advisory
https://www.debian.org/security/2022/dsa-5095
Third Party Advisory
https://www.debian.org/security/2022/dsa-5096
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 5.13.19 (включая)

Конфигурация 2

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 14%

0.00047

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-416

Связанные уязвимости

CVE-2022-0487

CVSS3: 5.5

ubuntu

больше 3 лет назад

CVE-2022-0487

CVSS3: 5.5

redhat

больше 3 лет назад

CVE-2022-0487

CVSS3: 5.5

msrc

больше 3 лет назад

Описание отсутствует

CVE-2022-0487

CVSS3: 5.5

debian

больше 3 лет назад

A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in ...

GHSA-g6g9-f4gj-gxqv

CVSS3: 5.5

github

больше 3 лет назад

EPSS

Процентиль: 14%

0.00047

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-416