CVE-2022-0487

Опубликовано: 11 янв. 2022

Источник: redhat

CVSS3: 5.5

Описание

A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.

A use-after-free vulnerability was found in the Linux kernel’s moxart_remove function in drivers/mmc/host/moxart-mmc.c. This flaw allows a local attacker with a user privilege to create issues with confidentiality.

Отчет

There was no shipped kernel version that was seen affected by this problem. These files are not built in our source code.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=2044561kernel: use after free in moxart_remove

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2022-0487

CVSS3: 5.5

ubuntu

больше 3 лет назад

CVE-2022-0487

CVSS3: 5.5

nvd

больше 3 лет назад

CVE-2022-0487

CVSS3: 5.5

msrc

больше 3 лет назад

Описание отсутствует

CVE-2022-0487

CVSS3: 5.5

debian

больше 3 лет назад

A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in ...

GHSA-g6g9-f4gj-gxqv

CVSS3: 5.5

github

больше 3 лет назад

5.5 Medium

CVSS3