In the Linux kernel, the following vulnerability has been resolved: ublk: don't allow user copy for unprivileged device UBLK_F_USER_COPY requires userspace to call write() on ublk char device for filling request buffer, and unprivileged device can't be trusted. So don't allow user copy for unprivileged device.
Attack Vector | Local |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | None |
Scope | Unchanged |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | High |
Epss Score | 0.00042 |
---|---|
Epss Percentile | 0.05084 |
ریسک پائین:: این آسیب پذیری احتمال ارائه Exploit پائینی دارد. به روز رسانی و نظارت معمولی را لحاظ نمائید.
CPE | Vendor | Product | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | linux | linux_kernel | * | * |
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | linux | linux_kernel | 6.12 | rc1 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | linux | linux_kernel | * | * |
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | linux | linux_kernel | 6.12 | rc2 |
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | linux | linux_kernel | 6.12 | rc3 |