BDU:2022-00026

Уязвимость реализации системного вызова TEE_IOC_OPEN_SESSION или TEE_IOC_INVOKE ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии

Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: MEDIUM (6.0) Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C

References:

CVE-2021-44733

Published: 2021-12-22
Modified: 2024-11-21

CVE-2021-44733

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

Severity: MEDIUM (4.4) Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Package kernel-image-centos update in sisyphus on 2022-02-12

ALT-PU-2022-1266-1

Closed vulnerabilities

BDU:2022-00026

CVE-2021-44733