CVE-2021-38208

Опубликовано: 31 мая 2021

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.

A flaw was found in the Linux kernels NFC implementation, A NULL pointer dereference and BUG leading to a denial of service can be triggered by a local unprivileged user causing a kernel panic.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Out of support scope
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-665->CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1992810kernel: NULL pointer dereference in net/nfc/llcp_sock.c by making a getsockname call after a certain type of failure of a bind call

EPSS

Процентиль: 24%

0.00082

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2021-38208

CVSS3: 5.5

ubuntu

больше 4 лет назад

CVE-2021-38208

CVSS3: 5.5

nvd

больше 4 лет назад

CVE-2021-38208

CVSS3: 5.5

msrc

больше 4 лет назад

CVE-2021-38208

CVSS3: 5.5

debian

больше 4 лет назад

net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local un ...

GHSA-f32x-jvjj-mwj4

github

больше 3 лет назад

EPSS

Процентиль: 24%

0.00082

Низкий

5.5 Medium

CVSS3