A flaw was found in the JFS filesystem code. This flaw allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | kernel | 2021-01-26 00:11 | ALAS-2021-1477 |
Amazon Linux 2 - Core | kernel | 2021-01-25 23:09 | ALAS2-2021-1588 |
Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2022-01-20 19:53 | ALAS2KERNEL-5.4-2022-019 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.4 | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
NVD | CVSSv2 | 6.1 | AV:L/AC:L/Au:N/C:P/I:P/A:C |
NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |