Updated: 2024-11-23 04:32:43.305397
Description:
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | MEDIUM | 5.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | kernel | 5.14.0 | 5.5 | MEDIUM | Ignored | 2024-05-24 14:18:59 | ||
AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 5.5 | MEDIUM | Ignored | 2024-05-24 14:18:59 | ||
CentOS 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | 2023-06-15 09:07:43 | ||
CentOS 7 ELS | kernel | 3.10.0 | 5.5 | MEDIUM | Ignored | 2023-09-19 05:07:23 | ||
CentOS 8.4 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | 2024-06-24 11:36:06 | ||
CentOS 8.5 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | 2024-06-24 11:36:06 | ||
CentOS Stream 8 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | 2024-05-24 14:18:59 | ||
CloudLinux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | 2023-06-15 09:07:43 | ||
CloudLinux 7 ELS | kernel | 3.10.0 | 5.5 | MEDIUM | Ignored | 2024-09-06 12:12:05 | ||
Oracle Linux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | 2023-06-15 09:07:43 |