𝓢𝓮𝓮𝓙𝓪𝔂𝓔𝓶𝓶@lemmy.procrastinati.org to Linux@lemmy.ml · 9 months agoCritical vulnerability affecting most Linux distros allows for bootkitsarstechnica.comexternal-linkmessage-square27fedilinkarrow-up1170arrow-down124 cross-posted to: security@lemmy.ml
arrow-up1146arrow-down1external-linkCritical vulnerability affecting most Linux distros allows for bootkitsarstechnica.com𝓢𝓮𝓮𝓙𝓪𝔂𝓔𝓶𝓶@lemmy.procrastinati.org to Linux@lemmy.ml · 9 months agomessage-square27fedilink cross-posted to: security@lemmy.ml
minus-squarebizdelnick@lemmy.mllinkfedilinkarrow-up5arrow-down1·9 months agoIt means that CVSS is calculated wrong. It can’t be so big because default configuration is not affected and attacker requires admin access to change it.
minus-squarefolkrav@lemmy.calinkfedilinkarrow-up3·9 months agoI mean take a look at the report. Still not sure how it’s “wrong”. https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-40547&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST
It means that CVSS is calculated wrong. It can’t be so big because default configuration is not affected and attacker requires admin access to change it.
I mean take a look at the report. Still not sure how it’s “wrong”.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-40547&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST
Admin or physical access.