Описание
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
Меры по смягчению последствий
Possible mitigation would be to disable core dumps system-wide by setting:
- hard core 0 In the /etc/security/limits.conf file and restarting applications/services/processes which users may have access to or simply reboot the system. This disables core dumps which may not be a suitable workaround in your environment.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Will not fix | ||
| Red Hat Enterprise MRG 2 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2020:4062 | 29.09.2020 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2020:4060 | 29.09.2020 |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2020:4609 | 04.11.2020 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2020:4431 | 04.11.2020 |
Показывать по
Дополнительная информация
Статус:
3.3 Low
CVSS3
Связанные уязвимости
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
A flaw was found in the Linux kernel's implementation of Userspace cor ...
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
Уязвимость функции fill_thread_core_info() ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию и вызвать отказ в обслуживании
3.3 Low
CVSS3