CVE-2020-36766

Published: 19 Sep 2023
Source: redhat
CVSS3: 3.3

Description

An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct.

A flaw was found in cec_adap_g_log_addrs in drivers/media/cec/core/cec-api.c in the Linux kernel. This issue may allow a local attacker to leak one byte of kernel memory on specific hardware to unprivileged users, because log_addrs is assigned directly with a hole in the structure, causing a kernel information leak.

Mitigation

Mitigation for this issue is to skip loading the affected module, the HDMI Consumer Electronics Control framework driver "cec", onto the system until we have a fix available. This can be done with a blacklist mechanism, which will ensure the driver is not loaded at boot time.

How do I blacklist a kernel module to prevent it from loading automatically? https://access.redhat.com/solutions/41278

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Cryostat 2 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | | |

Additional information

Status:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=2239712 kernel: memory leak in drivers/media/cec/core/cec-api.c

3.3 Low

CVSS3

Related vulnerabilities

CVSS3: 3.3
ubuntu
more than 2 years ago

An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct.

CVSS3: 3.3
nvd
more than 2 years ago

An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct.

CVSS3: 3.3
debian
more than 2 years ago

An issue was discovered in the Linux kernel before 5.8.6. drivers/medi ...

CVSS3: 3.3
github
more than 2 years ago

An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct.

CVSS3: 3.3
fstec
more than 5 years ago

Vulnerability in the drivers/media/cec/core/cec-api.c component of the Linux operating system kernel that allows an attacker to cause a denial of service
