CVE-2019-1010066

Published: Jul 18, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Lawrence Livermore National Laboratory msr-safe v1.1.0 is affected by: Incorrect Access Control. The impact is: An attacker could modify model specific registers. The component is: ioctl handling. The attack vector is: An attacker could exploit a bug in ioctl interface whitelist checking, in order to write to model specific registers, normally a function reserved for the root user. The fixed version is: v1.2.0.

Affected (1)

Products: Llnl: Model Specific Registers Safe

1 product

Model Specific Registers Safe

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Llnl Model Specific Registers Safe	Version 1.1.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://github.com/LLNL/msr-safe/compare/v1.1.0...v1.2.0

Source: josh@bress.net

PatchThird Party Advisory

https://www.tldp.org/LDP/lkmpg/2.4/html/x856.html

Source: josh@bress.net

ExploitThird Party Advisory

https://github.com/LLNL/msr-safe/compare/v1.1.0...v1.2.0

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.tldp.org/LDP/lkmpg/2.4/html/x856.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.