CVE-2021-3802
Published 2021-11-29
Medium · 4.2 · CVSS 3.1
AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | udisks2 | < udisks2 2.9.4-1 (bookworm) | udisks2 2.9.4-1 (bookworm) |
| fedoraproject | fedora | — | — |
| redhat | enterprise_linux | — | — |
| udisks_project | udisks | < 2.9.4 | 2.9.4 |
CVSS provenance
nvd · v3.1 · 4.2 · MEDIUM · CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
osv · 4.2 · MEDIUM
GHSA
GHSA-p3gq-xgj7-pfr7: A vulnerability found in udisks2
ghsa_unreviewed·2021-11-30
CVE-2021-3802 [MEDIUM] CWE-20 GHSA-p3gq-xgj7-pfr7: A vulnerability found in udisks2
OSV
CVE-2021-3802: A vulnerability found in udisks2
osv·2021-11-29·CVSS 4.2
CVE-2021-3802 [MEDIUM] CVE-2021-3802: A vulnerability found in udisks2
Red Hat
udisks2: insecure defaults in user-accessible mount helpers allow for a DoS
vendor_redhat·2021-09-13·CVSS 4.2
CVE-2021-3802 [MEDIUM] CWE-20 udisks2: insecure defaults in user-accessible mount helpers allow for a DoS
Statement: Mounting a file system is a privileged operation controlled by polkit, so without admin authentication it's difficult to exploit. Unprivileged users with an active session (e.g. GNOME session) can be affected by the auto-mounted devices. Hence the priority is changed to low.
Package: udisk
Debian
CVE-2021-3802: udisks2 - A vulnerability found in udisks2. This flaw allows an attacker to input a specia...
vendor_debian·2021·CVSS 4.2
CVE-2021-3802 [MEDIUM] CVE-2021-3802: udisks2 - A vulnerability found in udisks2. This flaw allows an attacker to input a specia...
Scope: local
bookworm: resolved (fixed in 2.9.4-1)
bullseye: resolved (fixed in 2.9.2-2+deb11u1)
forky: resolved (fixed in 2.9.4-1)
sid: resolved (fixed in 2.9.4-1)
trixie: resolved (fixed in 2.9.4-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.redhat.com/show_bug.cgi?id=2003649
https://lists.debian.org/debian-lts-announce/2023/04/msg00009.html
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
2021-11-29
Published