Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-3239

Опубликовано: 22 фев. 2022
Источник: redhat
CVSS3: 7
EPSS Низкий

Описание

A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

A use-after-free flaw was found in the Linux kernel’s video4linux driver in how a user triggers the em28xx_usb_probe() for the Empia 28xx-based TV cards. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Меры по смягчению последствий

To mitigate this issue, prevent module em28xx from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2023:273616.05.2023
Red Hat Enterprise Linux 8kernelFixedRHSA-2023:295116.05.2023
Red Hat Enterprise Linux 8.6 Extended Update SupportkernelFixedRHSA-2024:093021.02.2024
Red Hat Enterprise Linux 9kernelFixedRHSA-2022:826715.11.2022
Red Hat Enterprise Linux 9kernel-rtFixedRHSA-2022:793315.11.2022
Red Hat Enterprise Linux 9kernelFixedRHSA-2022:826715.11.2022
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8kernelFixedRHSA-2024:093021.02.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2127985kernel: media: em28xx: initialize refcount before kref_get

EPSS

Процентиль: 7%
0.00031
Низкий

7 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-3239

CVSS3: 7.8
ubuntu
почти 3 года назад

A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

nvd логотип

CVE-2022-3239

CVSS3: 7.8
nvd
почти 3 года назад

A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

debian логотип

CVE-2022-3239

CVSS3: 7.8
debian
почти 3 года назад

A flaw use after free in the Linux kernel video4linux driver was found ...

github логотип

GHSA-f4rx-6cwc-qgfm

CVSS3: 7.8
github
почти 3 года назад

A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

oracle-oval логотип

ELSA-2022-9997

oracle-oval
больше 2 лет назад

ELSA-2022-9997: Unbreakable Enterprise kernel-container security update (IMPORTANT)

EPSS

Процентиль: 7%
0.00031
Низкий

7 High

CVSS3

Уязвимость CVE-2022-3239