Описание
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.
A use-after-free flaw was found in the RIO500 driver in the Linux kernel. The implementation of the driver did not consider that multiple RIO500 devices could be attached to the same system, simultaneously. When a second device connects, the system overwrites the data structures in use by the first allowing a local attacker to possibly create a use-after-free situation which can lead to memory corruption, system panic, or privilege escalation. The highest threat from this vulnerability is to system availability, although data integrity is also at risk as well.
Меры по смягчению последствий
As the rio500 module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:
echo "blacklist rio500" >> /etc/modprobe.d/rio-500.conf
echo "install rio500 /bin/false" >> /etc/modprobe.d/rio-500.conf
The system will need to be restarted if the RIO500 modules are loaded. In most circumstances, the kernel modules will be unable to be unloaded while any devices or programs are using the USB device. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | ||
| Red Hat Enterprise MRG 2 | kernel | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.
An issue was discovered in the Linux kernel before 5.1.8. There is a d ...
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.
Уязвимость драйвера drivers/usb/misc/rio500.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.1 Medium
CVSS3