Описание
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.
An information leak flaw was found in the Linux kernel's USB digital video device driver. An attacker with a malicious USB device presenting itself as a 'Technotrend/Hauppauge USB DEC' device is able to issue commands to this specific device and leak kernel internal memory information. The highest threat from this vulnerability is a breach of data confidentiality.
Меры по смягчению последствий
As the ttusb_dec module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:
echo "install ttusb_dec /bin/true" >> /etc/modprobe.d/disable-cifs.conf
The system will need to be restarted if the ttusb_dec module is already loaded. In most circumstances, the CIFS kernel module will be unable to be unloaded while the device is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 6 | kernel | Fix deferred | ||
| Red Hat Enterprise Linux 7 | kernel | Fix deferred | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Fix deferred | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Will not fix | ||
| Red Hat Enterprise MRG 2 | kernel-rt | Will not fix | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2020:4609 | 04.11.2020 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2020:4431 | 04.11.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
2.4 Low
CVSS3
Связанные уязвимости
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.
In the Linux kernel before 5.3.4, there is an info-leak bug that can b ...
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.
Уязвимость драйвера drivers/media/usb/ttusb-dec/ttusb_dec.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
2.4 Low
CVSS3