CVE-2024-50080

Опубликовано: 29 окт. 2024

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

ublk: don't allow user copy for unprivileged device

UBLK_F_USER_COPY requires userspace to call write() on ublk char device for filling request buffer, and unprivileged device can't be trusted.

So don't allow user copy for unprivileged device.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.5 (включая) до 6.6.58 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.7 (включая) до 6.11.5 (исключая)

cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00031

Низкий

5.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2024-50080

CVSS3: 5.5

ubuntu

8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: ublk: don't allow user copy for unprivileged device UBLK_F_USER_COPY requires userspace to call write() on ublk char device for filling request buffer, and unprivileged device can't be trusted. So don't allow user copy for unprivileged device.

CVE-2024-50080

CVSS3: 5.5

redhat

8 месяцев назад

CVE-2024-50080

CVSS3: 5.5

msrc

5 месяцев назад

Описание отсутствует

CVE-2024-50080

CVSS3: 5.5

debian

8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: u ...

GHSA-4mgj-f599-w3j8

CVSS3: 5.5

github

8 месяцев назад

EPSS

Процентиль: 7%

0.00031

Низкий

5.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo