Описание
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.
A flaw was found in the Linux kernel. A memory leak in the realtek driver allows an attacker to cause a denial of service through memory consumption. The highest threat from this vulnerability is to system availability.
Отчет
This issue is rated as having Low impact because of the preconditions needed to trigger the error/resource cleanup code path (physical access and/or system-wide out-of-memory condition).
Меры по смягчению последствий
In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module rtl8xxxu. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .
Затронутые пакеты
Платформа | Пакет | Состояние | Рекомендация | Релиз |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | kernel | Not affected | ||
Red Hat Enterprise Linux 6 | kernel | Not affected | ||
Red Hat Enterprise Linux 7 | kernel | Not affected | ||
Red Hat Enterprise Linux 7 | kernel-alt | Fix deferred | ||
Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
Red Hat Enterprise MRG 2 | kernel-rt | Not affected | ||
Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2020:4609 | 04.11.2020 |
Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2020:4431 | 04.11.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.6 Medium
CVSS3
Связанные уязвимости
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net ...
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.
Уязвимость функции rtl8xxxu_submit_int_urb() (drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
4.6 Medium
CVSS3