CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
17.9%
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux
kernels, did not properly handle faults occurring during copy_from_user()
correctly. These could lead to either a double-free situation or memory not
being freed at all. An attacker could use this to cause a denial of service
(kernel memory exhaustion) or gain privileges via executing arbitrary code.
AKA ZDI-CAN-13562.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-72.80 | UNKNOWN |
ubuntu | 20.10 | noarch | linux | < 5.8.0-50.56 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1045.47 | UNKNOWN |
ubuntu | 20.10 | noarch | linux-aws | < 5.8.0-1030.32 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1045.47~18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1046.48 | UNKNOWN |
ubuntu | 20.10 | noarch | linux-azure | < 5.8.0-1029.31 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-5.4 | < 5.4.0-1046.48~18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-fde | < 5.4.0-1046.48 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-bluefield | < 5.4.0-1011.14 | UNKNOWN |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
17.9%