Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-34693

Опубликовано: 12 июн. 2021
Источник: redhat
CVSS3: 4
EPSS Низкий

Описание

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.

The canbus filesystem in the Linux kernel contains an information leak of kernel memory to devices on the CAN bus network link layer. An attacker with the ability to dump messages on the CAN bus is able to learn of uninitialized stack values by dumbing messages on the can bus.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-altOut of support scope
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise Linux 8kernelAffected
Red Hat Enterprise Linux 8kernel-rtAffected
Red Hat Enterprise Linux 9kernelAffected

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-665->CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1972265kernel: allows local users to obtain sensitive information from stack memory because of uninitialized data structure in net/can/bcm.c

EPSS

Процентиль: 15%
0.00048
Низкий

4 Medium

CVSS3

Связанные уязвимости

CVSS3: 5.5
ubuntu
около 4 лет назад

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.

CVSS3: 5.5
nvd
около 4 лет назад

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.

CVSS3: 5.5
msrc
около 4 лет назад

Описание отсутствует

CVSS3: 5.5
debian
около 4 лет назад

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users t ...

CVSS3: 5.5
github
около 3 лет назад

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.

EPSS

Процентиль: 15%
0.00048
Низкий

4 Medium

CVSS3