Описание
In the Linux kernel, the following vulnerability has been resolved:
HID: core: zero-initialize the report buffer
Since the report buffer is used by all kinds of drivers in various ways, let's
zero-initialize it during allocation to make sure that it can't be ever used
to leak kernel memory via specially-crafted report.
A vulnerability was found in the Linux kernel's driver for Human Interface Devices. This flaw allows an attacker to use a malicious input device to read information from the report buffer. This could be used to leak kernel memory, enabling the exploitation of additional vulnerabilities.
Отчет
While this vulnerability could lead to disclosure of kernel memory, the impact is rated Moderate because exploitation requires bypassing additional security features such as kernel address-space layout randomization (KASLR). It could be exploited by an authenticated, local attacker who emulates a malicious Human Interface Device (HID).
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Not affected | ||
| Red Hat Enterprise Linux 10 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | kernel | Fixed | RHSA-2025:2517 | 10.03.2025 |
| Red Hat Enterprise Linux 7.7 Advanced Update Support | kernel | Fixed | RHSA-2025:2514 | 10.03.2025 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | kernel-rt | Fixed | RHSA-2025:2510 | 10.03.2025 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | kernel | Fixed | RHSA-2025:2501 | 10.03.2025 |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2025:2474 | 10.03.2025 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2025:2473 | 10.03.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | kernel | Fixed | RHSA-2025:2646 | 11.03.2025 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
In the Linux kernel, the following vulnerability has been resolved: H ...
Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP3)
EPSS
6.1 Medium
CVSS3