𝓢𝓮𝓮𝓙𝓪𝔂𝓔𝓶𝓶@lemmy.procrastinati.org to Linux@lemmy.ml · 1 year agoCritical vulnerability affecting most Linux distros allows for bootkitsarstechnica.comexternal-linkmessage-square28linkfedilinkarrow-up1173arrow-down124
arrow-up1149arrow-down1external-linkCritical vulnerability affecting most Linux distros allows for bootkitsarstechnica.com𝓢𝓮𝓮𝓙𝓪𝔂𝓔𝓶𝓶@lemmy.procrastinati.org to Linux@lemmy.ml · 1 year agomessage-square28linkfedilink
minus-squarebizdelnick@lemmy.mllinkfedilinkarrow-up5arrow-down1·1 year agoIt means that CVSS is calculated wrong. It can’t be so big because default configuration is not affected and attacker requires admin access to change it.
minus-squarefolkrav@lemmy.calinkfedilinkarrow-up3·1 year agoI mean take a look at the report. Still not sure how it’s “wrong”. https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-40547&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST
It means that CVSS is calculated wrong. It can’t be so big because default configuration is not affected and attacker requires admin access to change it.
Admin or physical access.
I mean take a look at the report. Still not sure how it’s “wrong”.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-40547&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST