Описание
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system.
Отчет
The impact is Moderate, because the double free happens during flush procedure, and no use of incorrect data during flush finishing even if double free could happen without kernel crash.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Out of support scope | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2022:0622 | 22.02.2022 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2022:0620 | 22.02.2022 |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2021:4140 | 09.11.2021 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2021:4356 | 09.11.2021 |
Показывать по
Дополнительная информация
Статус:
6.3 Medium
CVSS3
Связанные уязвимости
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.
A flaw double-free memory corruption in the Linux kernel HCI device in ...
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.
6.3 Medium
CVSS3