CVE-2021-0924

Опубликовано: 03 авг. 2021

Источник: redhat

CVSS3: 7.8

Описание

In xhci_vendor_get_ops of xhci.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194461020References: Upstream kernel

An out-of-bounds (OOB) memory access flaw was found in xhci_vendor_get_ops in drivers/usb/host/xhci.c in the Linux kernel's xhci platform drivers. In this flaw, a local attacker with user privileges may cause an escalation of privilege due to a missing sanity check.

Отчет

There was no shipped kernel version that was seen affected by this problem. These files are not built in our source code.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=2034699kernel: out-of-bounds read due to a missing bounds check in xhci_vendor_get_ops() of xhci.c

7.8 High

CVSS3

Связанные уязвимости

CVE-2021-0924

CVSS3: 7.8

nvd

около 4 лет назад

CVE-2021-0924

CVSS3: 7.8

debian

около 4 лет назад

In xhci_vendor_get_ops of xhci.c, there is a possible out of bounds re ...

GHSA-gw77-xfw7-7h69

github

около 4 лет назад

7.8 High

CVSS3