CVE-2022-23222 Information

Jun 07, 2022 cve

Description

kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain _OR_NULL pointer types.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.openwall.com/lists/oss-security/2022/01/13/1 http://www.openwall.com/lists/oss-security/2022/01/14/1 http://www.openwall.com/lists/oss-security/2022/01/18/2 https://www.debian.org/security/2022/dsa-5050 https://security.netapp.com/advisory/ntap-20220217-0002/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCR3LIRUEXR7CA63W5M2HT3K63MZGKBR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5VTIZZUPC73IEJNZX66BY2YCBRZAELB/ http://www.openwall.com/lists/oss-security/2022/06/01/1 http://www.openwall.com/lists/oss-security/2022/06/04/3

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8

Share on: