Details of VAR-202106-0883

ID

VAR-202106-0883

CVE

CVE-2021-0094

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel DSA is a driver update tool. It can detect the user driver program, update the installed driver to the latest version, support intel series graphics card, audio, network card and chipset drivers, a must for i card users

Trust: 1.53

sources: NVD: CVE-2021-0094 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-371663

AFFECTED PRODUCTS

vendor:

intel

model:

driver \& support assistant

scope:

version:

20.11.50.9

Trust: 1.0

sources: NVD: CVE-2021-0094

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0094
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-736
value:	HIGH
Trust: 0.6
VULHUB:	VHN-371663
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-0094
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-371663
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-0094
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-371663 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-736 // NVD: CVE-2021-0094

PROBLEMTYPE DATA

problemtype:

CWE-59

Trust: 1.1

sources: VULHUB: VHN-371663 // NVD: CVE-2021-0094

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-736

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:

Intel DSA Post-link vulnerability fixes

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154904

Trust: 0.6

sources: CNNVD: CNNVD-202106-736

EXTERNAL IDS

db:	NVD	id:	CVE-2021-0094	Trust: 1.7
db:	CNNVD	id:	CNNVD-202106-736	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2002	Trust: 0.6
db:	CS-HELP	id:	SB2021061525	Trust: 0.6
db:	VULHUB	id:	VHN-371663	Trust: 0.1

sources: VULHUB: VHN-371663 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-736 // NVD: CVE-2021-0094

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00510.html	Trust: 1.7
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2002	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021061525	Trust: 0.6

sources: VULHUB: VHN-371663 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-736 // NVD: CVE-2021-0094

SOURCES

db:	VULHUB	id:	VHN-371663
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-736
db:	NVD	id:	CVE-2021-0094

LAST UPDATE DATE

2024-08-14T13:08:36.957000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-371663	date:	2021-06-23T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-736	date:	2021-06-28T00:00:00
db:	NVD	id:	CVE-2021-0094	date:	2021-06-23T16:09:42.023

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-371663	date:	2021-06-09T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-736	date:	2021-06-09T00:00:00
db:	NVD	id:	CVE-2021-0094	date:	2021-06-09T20:15:08.603