CVE-2021-3753

Public on 2021-09-08
Modified on 2021-10-04
Description
A race condition was found in vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel. It may cause an out-of-bounds read in vt because the write access to vc_mode is not protected by a lock in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
Severity
Medium
CVSS v3 Base Score
4.7

Affected Packages

Platform | Package | Release Date | Advisory
Amazon Linux 2 | kernel | 2021-09-08 23:35 | ALAS2-2021-1704
Amazon Linux 1 | kernel | 2021-09-30 19:25 | ALAS-2021-1539

CVSS Scores

Score Type | Score | Vector
Amazon Linux CVSSv3 | 4.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N