Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-0404

Опубликовано: 16 янв. 2021
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel

A flaw linked list corruption in the Linux kernel for USB Video Class driver functionality was found in the way user connects web camera to the USB port. A local user could use this flaw to crash the system.

Меры по смягчению последствий

To mitigate this issue, prevent the module uvcvideo from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-altOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2022:197510.05.2022
Red Hat Enterprise Linux 8kernelFixedRHSA-2022:198810.05.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-284
https://bugzilla.redhat.com/show_bug.cgi?id=1919791kernel: avoid cyclic entity chains due to malformed USB descriptors

EPSS

Процентиль: 40%
0.00182
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-0404

CVSS3: 5.5
ubuntu
почти 5 лет назад

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel

nvd логотип

CVE-2020-0404

CVSS3: 5.5
nvd
почти 5 лет назад

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel

debian логотип

CVE-2020-0404

CVSS3: 5.5
debian
почти 5 лет назад

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked ...

github логотип

GHSA-mrvf-vwcf-3ghc

CVSS3: 5.5
github
около 3 лет назад

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel

fstec логотип

BDU:2020-05784

CVSS3: 5.5
fstec
больше 5 лет назад

Уязвимость функции uvc_scan_chain_forward драйвера USB операционной системы Android, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 40%
0.00182
Низкий

5.5 Medium

CVSS3