The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mdadm_project | mdadm | * |
| opensuse | opensuse | 13.2 |
Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@intel.com | 5.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L | 1.5 | 3.7 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mdadm_project | mdadm | 4.2 |
| mdadm_project | mdadm | * |
Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable denial of service via local access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@intel.com | 3.4 | LOW | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L | 0.8 | 2.5 |
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mdadm_project | mdadm | 4.2 |
| mdadm_project | mdadm | * |