Description
A use-after-free flaw was found in the Linux kernel's integrated infrared receiver/transceiver driver. The issue occurs when a user detaches an rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
Statement
Because this vulnerability requires an attacker either to have physical access to a system with infrared receiver/transceiver hardware, or to be a remote authenticated user who knows that such hardware is attached to the system and when it is disconnected, Red Hat assesses the impact of this vulnerability as Moderate. The bug stems from an error in drivers/media/rc/ene_ir.c. This driver is no longer built in Red Hat Enterprise Linux 9, as CONFIG_IR_ENE is no longer enabled there.
Mitigation
To mitigate this issue, prevent module ene_ir from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
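One way to verify the mitigation on a host, as an added example (not Red Hat's code; the function names and the directory arguments are assumptions). In modprobe.d, a `blacklist` line only stops alias-based automatic loading, while an `install <module> /bin/false` override also stops an explicit `modprobe`, so the check reports which of the two is present for ene_ir.

```shell
#!/bin/sh
# Added example: audit modprobe.d-style directories for the ene_ir mitigation.
# Usage: module_block_state ene_ir /etc/modprobe.d /usr/lib/modprobe.d
#        is_loaded ene_ir && echo "ene_ir is currently loaded"

# module_block_state <module> <dir>...
# Prints one of: blocked | blacklist-only | install-only | unblocked
module_block_state() {
    # modprobe treats '-' and '_' in module names as the same character.
    mod=$(printf '%s' "$1" | sed 's/-/_/g'); shift
    for d in "$@"; do
        for f in "$d"/*.conf; do
            # echo guards against a file that lacks a trailing newline
            if [ -f "$f" ]; then cat "$f"; echo; fi
        done
    done | sed 's/#.*//' | awk -v mod="$mod" '
        { name = $2; gsub(/-/, "_", name) }
        name != mod { next }
        $1 == "blacklist" { bl = 1 }
        # Only a no-op command counts: an install line that calls modprobe
        # again still loads the module.
        $1 == "install" && $3 ~ /^(\/usr)?\/bin\/(false|true)$/ { inst = 1 }
        END {
            if (bl && inst) print "blocked"
            else if (bl)    print "blacklist-only"
            else if (inst)  print "install-only"
            else            print "unblocked"
        }'
}

# is_loaded <module> [modules-file]
# Succeeds if the module is listed; the file defaults to /proc/modules.
is_loaded() {
    awk -v mod="$(printf '%s' "$1" | sed 's/-/_/g')" \
        '$1 == mod { f = 1 } END { exit !f }' "${2:-/proc/modules}"
}
```

A result of `blacklist-only` means the driver can still be loaded by name, and a module that is already loaded stays loaded until it is removed or the system reboots.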
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | kernel | Not affected | | |
Red Hat Enterprise Linux 7 | kernel | Out of support scope | | |
Red Hat Enterprise Linux 9 | kernel | Will not fix | | |
Red Hat Enterprise Linux 9 | kernel-rt | Will not fix | | |
Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2023:6901 | 14.11.2023 |
Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2023:7077 | 14.11.2023 |
Red Hat Enterprise Linux 8.6 Extended Update Support | kernel | Fixed | RHSA-2024:1653 | 03.04.2024 |
Red Hat Enterprise Linux 8.8 Extended Update Support | kernel | Fixed | RHSA-2024:3810 | 11.06.2024 |
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2024:1653 | 03.04.2024 |
Additional information
CVSS3: 7 High