CVE-2019-2024

Опубликовано: 14 мар. 2019

Источник: redhat

CVSS3: 4.7

Описание

In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111761954References: Upstream kernel

A flaw was found in the em28xx_dvb_fini() function in the drivers/media/usb/em28xx/em28xx-dvb.c file in the Linux kernel. A use-after-free vulnerability in em28xx/em28xx-dvb.c can cause denial of service (DoS).

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Fix deferred
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise MRG 2	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=1696017kernel: media: em28xx: Use-after-free in em28xx/em28xx-dvb.c when disconnecting

4.7 Medium

CVSS3

Связанные уязвимости

CVE-2019-2024

CVSS3: 7.8

ubuntu

больше 6 лет назад

CVE-2019-2024

CVSS3: 7.8

nvd

больше 6 лет назад

CVE-2019-2024

CVSS3: 7.8

debian

больше 6 лет назад

In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use afte ...

GHSA-rgcg-7mf9-jv5w

CVSS3: 7.8

github

больше 3 лет назад

openSUSE-SU-2019:1085-1

suse-cvrf

почти 7 лет назад

Security update for the Linux Kernel

4.7 Medium

CVSS3