| Vulnerability Name: | CCN-218324 | ||||||
| Published: | 2022-01-27 | ||||||
| Updated: | 2022-01-27 | ||||||
| Summary: | Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a use-after-free flaw in erroneous error handling after fd_install() call. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain access to files opened by other processes on the system, and use this information to launch further attacks against the affected system. | ||||||
| CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) 4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||
| CVSS v2 Severity: | 4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N)
| ||||||
| Vulnerability Consequences: | Obtain Information | ||||||
| References: | Source: XF Type: UNKNOWN linux-kernel-fdinstall-info-disc(218324) Source: CCN Type: oss-sec Mailing List, Thu, 27 Jan 2022 21:05:31 +0100 Linux kernel: erroneous error handling after fd_install() Source: CCN Type: Linux Kernel Web site The Linux Kernel Archives | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||