Lucene search

K
cve[email protected]CVE-2022-1729
HistorySep 01, 2022 - 9:15 p.m.

CVE-2022-1729

2022-09-0121:15:09
CWE-366
CWE-362
web.nvd.nist.gov
267
7
cve-2022-1729
linux kernel
race condition
perf_event_open
root privileges
security vulnerability
nvd

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0

Percentile

15.7%

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

Affected configurations

Vulners
NVD
Node
linuxlinux_kernelRange5.18
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "linux kernel",
    "versions": [
      {
        "version": "linux kernel 5.18 rc9",
        "status": "affected"
      }
    ]
  }
]

Social References

More

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0

Percentile

15.7%