Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-28328

Опубликовано: 18 нояб. 2022
Источник: redhat
CVSS3: 5.5

Описание

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.

Отчет

This flaw can be mitigated by preventing the affected dvb_usb_az6027 kernel module from loading during the boot time. Ensure the module is added into the blacklist file.

Refer: How do I blacklist a kernel module to prevent it from loading automatically? https://access.redhat.com/solutions/41278

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2023:690114.11.2023
Red Hat Enterprise Linux 8kernelFixedRHSA-2023:707714.11.2023
Red Hat Enterprise Linux 8.6 Extended Update SupportkernelFixedRHSA-2024:072407.02.2024
Red Hat Enterprise Linux 8.8 Extended Update SupportkernelFixedRHSA-2024:057530.01.2024
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8kernelFixedRHSA-2024:072407.02.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2177389kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-28328

CVSS3: 5.5
ubuntu
около 2 лет назад

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.

nvd логотип

CVE-2023-28328

CVSS3: 5.5
nvd
около 2 лет назад

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.

msrc логотип

CVE-2023-28328

CVSS3: 5.5
msrc
около 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-28328

CVSS3: 5.5
debian
около 2 лет назад

A NULL pointer dereference flaw was found in the az6027 driver in driv ...

github логотип

GHSA-mv2p-2vgw-5cpm

CVSS3: 5.5
github
около 2 лет назад

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.

5.5 Medium

CVSS3