Back

CVE-2024-4810

May 14, 2024, 7:17 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

UNKNOWN

Linux kernel

  • UNKNOWN

Source

security@openanolis.org

Tags

CWE-476
2024-05-14
CVE-2024-4810
security@openanolis.org

CVE-2024-4810 details

Published : May 14, 2024, 4:17 p.m.
Last Modified : May 14, 2024, 7:17 p.m.

Description

In register_device, the return value of ida_simple_get is unchecked, in witch ida_simple_get will use an invalid index value. To address this issue, index should be checked after ida_simple_get. When the index value is abnormal, a warning message should be printed, the port should be dropped, and the value should be recorded.

CVSS Score

1 2 3 4 5.3 6 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

5.3

Exploitability Score

Impact Score

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H

References

URL Source
https://bugzilla.openanolis.cn/show_bug.cgi?id=9008 security@openanolis.org
This website uses the NVD API, but is not approved or certified by it.