In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causing a potential out of memory situation. Prevent this from bounding the number of pending rfkill events at a "large" number (i.e. 1000) to prevent abuses like this.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
NVD-CWE-noinfo
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| linux | linux_kernel | * | <built-in method update of dict object at 0x702b40329e00> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bdd604dc0> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bde4f13c0> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bdd152d40> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bcbbf6680> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bcbbf4600> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bdd6077c0> | Operating System |
| linux | linux_kernel | 2.6.31 | <built-in method update of dict object at 0x702b4032aec0> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bdd605240> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bcbbf4280> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702b40329980> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702b4032a9c0> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bdd151ac0> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702b4032b980> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bdd6072c0> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:* |