A missing capabilities check when creating NFC raw sockets could be used by local attackers to create raw sockets, bypassing security mechanisms allowing them to create or listen to NFC communication frames.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | kernel | 2020-10-26 18:08 | ALAS-2020-1437 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 4.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
NVD | CVSSv2 | 2.1 | AV:L/AC:L/Au:N/C:N/I:P/A:N |
NVD | CVSSv3 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |