Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-0961

Опубликовано: 06 дек. 2021
Источник: redhat
CVSS3: 4.4
EPSS Низкий

Описание

In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196046570References: Upstream kernel

An uninitialized data read flaw in the Linux kernel Android enhanced xt_quota that can count upwards and in packets functionality was found in the way user calls function quota_proc_write. A local user could use this flaw to get unauthorized data access.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-665
https://bugzilla.redhat.com/show_bug.cgi?id=2033723kernel: there is a possible way to read kernel memory due to uninitialized data in quota_proc_write() in xt_quota2.c

EPSS

Процентиль: 14%
0.00047
Низкий

4.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-0961

CVSS3: 4.4
ubuntu
около 4 лет назад

In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196046570References: Upstream kernel

nvd логотип

CVE-2021-0961

CVSS3: 4.4
nvd
около 4 лет назад

In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196046570References: Upstream kernel

debian логотип

CVE-2021-0961

CVSS3: 4.4
debian
около 4 лет назад

In quota_proc_write of xt_quota2.c, there is a possible way to read ke ...

github логотип

GHSA-9mr6-2c2v-735f

github
около 4 лет назад

In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196046570References: Upstream kernel

EPSS

Процентиль: 14%
0.00047
Низкий

4.4 Medium

CVSS3

Уязвимость CVE-2021-0961