𝓢𝓮𝓮𝓙𝓪𝔂𝓔𝓶𝓶 to [email protected] • 10 months agoCritical vulnerability affecting most Linux distros allows for bootkitsarstechnica.comexternal-linkmessage-square26fedilinkarrow-up1164arrow-down125 cross-posted to: [email protected]
arrow-up1139arrow-down1external-linkCritical vulnerability affecting most Linux distros allows for bootkitsarstechnica.com𝓢𝓮𝓮𝓙𝓪𝔂𝓔𝓶𝓶 to [email protected] • 10 months agomessage-square26fedilink cross-posted to: [email protected]
minus-square@[email protected]linkfedilink4•10 months agoIt means that CVSS is calculated wrong. It can’t be so big because default configuration is not affected and attacker requires admin access to change it.
minus-squarefolkravlinkfedilink3•10 months agoI mean take a look at the report. Still not sure how it’s “wrong”. https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-40547&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST
It means that CVSS is calculated wrong. It can’t be so big because default configuration is not affected and attacker requires admin access to change it.
Admin or physical access.
I mean take a look at the report. Still not sure how it’s “wrong”.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-40547&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST