CVE-2021-3802

Published: Nov 29, 2021Modified: Nov 21, 2024

4.2

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Exploitability: 0.6 / Impact: 3.6

Source: NVD

Description

A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability.

Affected (3)

Products: Udisks Project: Udisks · Fedoraproject: Fedora · Redhat: Enterprise Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Udisks Project Udisks	Before 2.9.4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

https://bugzilla.redhat.com/show_bug.cgi?id=2003649

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/04/msg00009.html

Source: secalert@redhat.com

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt

Source: secalert@redhat.com

ExploitMitigationThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2003649

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/04/msg00009.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMitigationThird Party Advisory

Timeline

No history available yet.