Описание
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.
A flaw was found in the Linux kernel. The rtl_usb_probe function mishandles resource cleanup on error. An attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.
Отчет
This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (physical access).
Меры по смягчению последствий
In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module rtl8192cu. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .
Затронутые пакеты
Платформа | Пакет | Состояние | Рекомендация | Релиз |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | kernel | Out of support scope | ||
Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
Red Hat Enterprise Linux 7 | kernel-alt | Fix deferred | ||
Red Hat Enterprise MRG 2 | kernel-rt | Out of support scope | ||
Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2020:4062 | 29.09.2020 |
Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2020:4060 | 29.09.2020 |
Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2020:4609 | 04.11.2020 |
Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2020:4431 | 04.11.2020 |
Показывать по
Дополнительная информация
Статус:
4.6 Medium
CVSS3
Связанные уязвимости
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.
Two memory leaks in the rtl_usb_probe() function in drivers/net/wirele ...
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.
Уязвимость функции rtl_usb_probe() (drivers/net/wireless/realtek/rtlwifi/usb.c ) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
4.6 Medium
CVSS3