Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-23134

Опубликовано: 04 мая 2021
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.

A flaw was found in the Linux kernel. A use-after-free was found in the implementation of nfc sockets leading to a kernel privilege escalation from the context of an unprivileged user. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Отчет

This flaw is rated as having a Moderate impact because in the default configuration, the issue can only be triggered by a privileged local user (with capability CAP_NET_RAW).

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1959514kernel: use-after-free in nfc sockets

EPSS

Процентиль: 3%
0.00019
Низкий

7.8 High

CVSS3

Связанные уязвимости

CVSS3: 7.8
ubuntu
около 4 лет назад

Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.

CVSS3: 7.8
nvd
около 4 лет назад

Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.

CVSS3: 7.8
msrc
около 4 лет назад

Описание отсутствует

CVSS3: 7.8
debian
около 4 лет назад

Use After Free vulnerability in nfc sockets in the Linux Kernel before ...

github
около 3 лет назад

Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.2 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.

EPSS

Процентиль: 3%
0.00019
Низкий

7.8 High

CVSS3