An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash or a leak of internal kernel information. The issue results from not validating the size_t-to-int conversion prior to performing operations. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | kernel | 2021-07-20 22:24 | ALAS-2021-1524 |
Amazon Linux 2 - Core | kernel | 2021-07-20 22:24 | ALAS2-2021-1691 |
Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2022-01-20 23:39 | ALAS2KERNEL-5.10-2022-003 |
Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2022-01-12 19:30 | ALAS2KERNEL-5.4-2022-005 |
Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.231-173.360 | 2021-07-21 00:56 | ALAS2LIVEPATCH-2021-058 |
Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.231-173.361 | 2021-07-21 00:56 | ALAS2LIVEPATCH-2021-057 |
Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.232-176.381 | 2021-07-21 00:55 | ALAS2LIVEPATCH-2021-056 |
Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.232-177.418 | 2021-07-21 01:13 | ALAS2LIVEPATCH-2021-059 |
Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.238-182.421 | 2021-07-21 00:55 | ALAS2LIVEPATCH-2021-055 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
NVD | CVSSv2 | 7.2 | AV:L/AC:L/Au:N/C:C/I:C/A:C |
NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |