Lucene search

Gentoo FoundationMGASA-2021-0088

HistoryFeb 19, 2021 - 1:27 p.m.

Updated veracrypt package fixes a security vulnerability

2021-02-1913:27:54

Gentoo Foundation

advisories.mageia.org

veracrypt

buffer overflow

security vulnerability

information disclosure

kernel stack

ioctl request

driver

unix

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

12.6%

JSON

IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) is affected by a Buffer Overflow that can lead to information disclosure of kernel stack through a locally executed code with IOCTL request to driver (CVE-2019-1010208).

OSVersionArchitecturePackageVersionFilename
Mageia7noarchveracrypt< 1.23-1.2veracrypt-1.23-1.2.mga7

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	veracrypt	< 1.23-1.2	veracrypt-1.23-1.2.mga7

References

bugs.mageia.org/show_bug.cgi?id=28078

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

12.6%

JSON

Related for MGASA-2021-0088