Kernel Vulnerability in Oracle Solaris by Oracle Systems
CVE-2024-20946

5.5MEDIUM

Key Information:

Vendor: Oracle
Status: Solaris Operating System
Vendor: CVE Published:; 16 January 2024

What is CVE-2024-20946?

A vulnerability in the Oracle Solaris Kernel allows a low privileged attacker, with access to the infrastructure where Oracle Solaris runs, to exploit the system. Successful exploitation can lead to a denial of service by causing the system to hang or repeatedly crash, significantly disrupting service availability.

Affected Version(s)

Solaris Operating System 11

References

https://www.oracle.com/security-alerts/cpujan2024.html

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Dec 7, 2023