Описание
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB core device driver. It could occur in the dvb_frontend() function when closing the device node of dvb_frontend if the device is disconnected. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
Отчет
Because exploitation of this flaw requires that an attacker has either: local privileges on and physical access to the system, or administrative privileges sufficient to virtually attach or detach harware devices, Red Hat assesses that the impact of this vulnerability as Moderate.
Меры по смягчению последствий
To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the dvb-core kernel module. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 8 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Will not fix | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected |
Показывать по
Дополнительная информация
Статус:
6.4 Medium
CVSS3
Связанные уязвимости
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
An issue was discovered in the Linux kernel through 6.0.9. drivers/med ...
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
Уязвимость драйвера DVB (drivers/media/dvb-core/dvb_frontend.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии.
6.4 Medium
CVSS3