Описание
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.
An out-of-bounds memory access flaw was found in the Linux kernel ENE SD/MS Card reader driver. This issue occurs when using a malicious USB device, which could allow a local user to crash the system.
Меры по смягчению последствий
To mitigate this issue, prevent module ums-eneub6250 from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 8 | kernel | Affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 9 | kernel | Affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 8.6 Extended Update Support | kernel | Fixed | RHSA-2024:0724 | 07.02.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | kernel | Fixed | RHSA-2024:1404 | 19.03.2024 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | kernel | Fixed | RHSA-2024:0723 | 07.02.2024 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | kernel-rt | Fixed | RHSA-2024:0725 | 07.02.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the EN ...
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.
Уязвимость функции ms_lib_process_bootblock() в модуле drivers/usb/storage/ene_ub6250.c драйвера ene_usb6250 кард-ридера ENE SD/MS ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании.
EPSS
5.5 Medium
CVSS3