Lucene search

K
redhatcveRedhat.comRH:CVE-2023-45862
HistoryOct 18, 2023 - 12:59 a.m.

CVE-2023-45862

2023-10-1800:59:03
redhat.com
access.redhat.com
20
linux kernel
memory access flaw
ene sd/ms card reader
usb device
system crash
blacklist
kernel module.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0

Percentile

5.1%

An out-of-bounds memory access flaw was found in the Linux kernel ENE SD/MS Card reader driver. This issue occurs when using a malicious USB device, which could allow a local user to crash the system.

Mitigation

To mitigate this issue, prevent module ums-eneub6250 from being loaded. Please see <https://access.redhat.com/solutions/41278&gt; for how to blacklist a kernel module to prevent it from loading automatically.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

High

EPSS

0

Percentile

5.1%