Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-39648

Опубликовано: 06 янв. 2021
Источник: redhat
CVSS3: 4.1
EPSS Низкий

Описание

In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel

Отчет

There was no shipped kernel version that was seen affected by this problem. These files are not built in our source code.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=2068259kernel: possible disclosure of memory due to a race condition in gadget_dev_desc_UDC_show() of configfs.c

EPSS

Процентиль: 15%
0.00048
Низкий

4.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-39648

CVSS3: 4.1
ubuntu
около 4 лет назад

In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel

nvd логотип

CVE-2021-39648

CVSS3: 4.1
nvd
около 4 лет назад

In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel

debian логотип

CVE-2021-39648

CVSS3: 4.1
debian
около 4 лет назад

In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclos ...

github логотип

GHSA-rcw4-4c2j-r7wh

CVSS3: 4.1
github
около 4 лет назад

In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel

fstec логотип

BDU:2022-00829

CVSS3: 4.1
fstec
около 4 лет назад

Уязвимость функции gadget_dev_desc_UDC_show (configfs.c) ядра операционной системы Android, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 15%
0.00048
Низкий

4.1 Medium

CVSS3