CVE-2019-9458

Опубликовано: 03 сент. 2019

Источник: redhat

CVSS3: 7

Описание

In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

A flaw was found in the Linux kernel's video driver. A race condition, leading to a use-after-free, could lead to a local privilege escalation. User interaction is not needed for exploitation.

Отчет

This issue is rated as having Moderate impact, because of the need of additional privileges (usually local console user) to access the video device driver.

Меры по смягчению последствий

To mitigate this issue, prevent modules v4l2-common, v4l2-dv-timings from being loaded if not being used for primary display. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Out of support scope
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise MRG 2	kernel-rt	Out of support scope
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2020:4062	29.09.2020
Red Hat Enterprise Linux 7	kernel-alt	Fixed	RHSA-2020:2854	07.07.2020
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2020:4060	29.09.2020
Red Hat Enterprise Linux 8	kernel-rt	Fixed	RHSA-2020:4609	04.11.2020
Red Hat Enterprise Linux 8	kernel	Fixed	RHSA-2020:4431	04.11.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-362->CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1819377kernel: use after free due to race condition in the video driver leads to local privilege escalation

7 High

CVSS3