A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1934261 | Issue Tracking Third Party Advisory |
Configurations
History
15 Mar 2022, 16:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:* cpe:2.3:a:kexec-tool_project:kexec-tool:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:* |
|
CWE | CWE-276 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 6.2 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1934261 - Issue Tracking, Third Party Advisory |
10 Mar 2022, 17:55
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-10 17:41
Updated : 2024-02-04 22:29
NVD link : CVE-2021-20269
Mitre link : CVE-2021-20269
CVE.ORG link : CVE-2021-20269
JSON object : View
Products Affected
redhat
- enterprise_linux
fedoraproject
- fedora
kexec-tools_project
- kexec-tools
CWE
CWE-276
Incorrect Default Permissions