In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ndisc: extender la protección de RCU en ndisc_send_skb() ndisc_send_skb() se puede llamar sin RTNL o RCU retenido. Adquiera rcu_read_lock() antes, para que podamos usar dev_net_rcu() y evitar un posible UAF.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Type: Secondary
Exploitability Score: 1.8
Impact Score: 5.9
| Source | Type | Description |
|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary |
en
CWE-416
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bddae5f00> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc58c900> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bde254080> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bdc370280> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bddae7a00> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bddae4600> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bcc126540> | Operating System |
| linux | linux_kernel | 6.14 | <built-in method update of dict object at 0x702bdc243100> | Operating System |
| linux | linux_kernel | 6.14 | <built-in method update of dict object at 0x702bfc58c380> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:* |