CVE-2020-11609

Published: 03 Jan 2020
Source: redhat
CVSS3: 4.3
EPSS: Low

Description

An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.

A flaw was found in the way the stv06xx driver in the Linux kernel handled certain types of USB descriptors. This flaw allows an attacker with the ability to induce the error conditions to crash the system.

Report

This issue is rated as having Low impact because of the preconditions needed to trigger the issue (physical access).

Mitigation

To mitigate this issue, prevent the affected code from being loaded by blacklisting the kernel module gspca_stv06xx. For instructions on how to blacklist a kernel module, refer to https://access.redhat.com/solutions/41278.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 7 | kernel | Fix deferred | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Fix deferred | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Fix deferred | | |
| Red Hat Enterprise Linux 8 | kernel | Fix deferred | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Fix deferred | | |
| Red Hat Enterprise MRG 2 | kernel-rt | Out of support scope | | |

Additional information

Status: Low
Defect: CWE-476
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1833452 (kernel: NULL pointer dereference due to incorrect handling of invalid descriptors in stv06xx subsystem)

EPSS

Percentile: 20%
Score: 0.00064
Low

CVSS3: 4.3 Medium

Related vulnerabilities

CVSS3: 4.3
ubuntu
about 5 years ago

An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.

CVSS3: 4.3
nvd
about 5 years ago

An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.

CVSS3: 4.3
msrc
more than 4 years ago

No description available

CVSS3: 4.3
debian
about 5 years ago

An issue was discovered in the stv06xx subsystem in the Linux kernel b ...

github
about 3 years ago

An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.
