Re: [PATCH] usb: fix setup_len init (CVE-2020-14364)
From: P J P
Subject: Re: [PATCH] usb: fix setup_len init (CVE-2020-14364)
Date: Tue, 1 Sep 2020 10:27:46 +0530 (IST)

Hello Li,
+-- On Tue, 25 Aug 2020, Li Qiang wrote --+
| Just see the page.
| -->https://access.redhat.com/security/cve/CVE-2020-14364
|
| The 'Attack Vector' of the CVSS score here is 'local'.
|
| I think this should be 'network' as the guest user can touch this in cloud
| environment? What's the consideration here?
-> https://www.first.org/cvss/v3.1/user-guide#3-5-Scope-Vulnerable-Component-and-Impacted-Component
AV:Network or Adjacent is generally used when the issue involves the network stack. In
this case it's a USB device r/w operation.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D