Udisks
CVE-2021-3802
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability.
AnalysisAI
A vulnerability found in udisks2. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-20. A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. Affected products include: Udisks Project Udisks, Fedoraproject Fedora, Redhat Enterprise Linux.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive
Improper authorization in the udisks D-Bus API allows local unprivileged users to manipulate LUKS encryption headers on
Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today