CVE Vulnerability

CVE-2019-1010066

Lawrence Livermore National Laboratory msr-safe v1.1.0 is affected by: Incorrect Access Control. The impact is: An attacker could modify model specific registers. The component is: ioctl handling. The attack vector is: An attacker could exploit a bug in ioctl interface whitelist checking, in order to write to model specific registers, normally a function reserved for the root user. The fixed version is: v1.2.0.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.tldp.org/LDP/lkmpg/2.4/html/x856.html Exploit Third Party Advisory
https://github.com/LLNL/msr-safe/compare/v1.1.0...v1.2.0 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:llnl:model_specific_registers-safe:1.1.0:*:*:*:*:*:*:*
Information

Published : 2019-07-18 02:15

Updated : 2020-08-24 05:37

NVD link : CVE-2019-1010066

Mitre link : CVE-2019-1010066

Products Affected
No products.
CWE
CWE-269

CWE-862