CVE-2020-0110

Published: 07 May 2020
Source: redhat
CVSS3: 7.8
EPSS: Low

Description

In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-148159562. References: Upstream kernel

A flaw was found in the Pressure stall information subsystem. This flaw allows a local attacker with the ability to write to root-owned files to corrupt kernel stack memory.

Mitigation

As the attacker must have the ability to write to these files, a possible mitigation would be to reduce the access that users and their processes would have to the files used in the attack. The files within the /proc/ filesystem can be temporarily modified with the chmod/chown command for each boot.
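One way to apply the mitigation above, as an added example (not Red Hat's own script). It assumes the PSI files live under /proc/pressure and that GNU find is available; the function names and the PSI_DIR variable are hypothetical. Because /proc permissions are reset at every boot, it has to be re-run from a boot-time unit.

```shell
#!/bin/sh
# Added example: audit and tighten write access on the PSI files.
# Assumption: the PSI files are the regular files directly under /proc/pressure.
# PSI_DIR can be overridden to exercise the logic on an ordinary directory.
PSI_DIR="${PSI_DIR:-/proc/pressure}"

# Print every regular file directly inside $1 that group or others may write to.
psi_writable_files() {
    find "$1" -maxdepth 1 -type f -perm /022 2>/dev/null | sort
}

# Remove the group/other write bits from those files.
# Returns 0 only if no group/other-writable file remains afterwards.
psi_restrict() {
    dir="$1"
    psi_writable_files "$dir" | while IFS= read -r f; do
        if chmod go-w "$f"; then
            echo "restricted: $f"
        else
            echo "could not restrict: $f" >&2
        fi
    done
    [ -z "$(psi_writable_files "$dir")" ]
}

# Apply only when asked to, so sourcing the file has no side effects.
if [ "${1:-}" = "--apply" ]; then
    psi_restrict "$PSI_DIR"
fi
```

Run it as root with `--apply`; a non-zero exit status means at least one file is still writable by group or others.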

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise MRG 2 | kernel-rt | Not affected | | |

Additional information

Status: Low
Defect: CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1836936
kernel: out of bound write when writing 0 bytes to PSI files which could result in local privilege escalation

EPSS

Percentile: 4%
0.0002
Low

7.8 High

CVSS3

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 5 years ago

In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-148159562. References: Upstream kernel

CVSS3: 7.8
nvd
more than 5 years ago

In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-148159562. References: Upstream kernel

CVSS3: 7.8
debian
more than 5 years ago

In psi_write of psi.c, there is a possible out of bounds write due to ...

github
more than 3 years ago

In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-148159562. References: Upstream kernel

CVSS3: 7.8
fstec
more than 5 years ago

Vulnerability in the psi_write function of the psi.c component of the Linux operating system kernel that allows an attacker to cause a denial of service
