Lucene search

K
cveCanonicalCVE-2022-2588
HistoryJan 08, 2024 - 6:15 p.m.

CVE-2022-2588

2024-01-0818:15:44
CWE-415
CWE-416
canonical
web.nvd.nist.gov
190
8
linux
kernel
vulnerability
cls_route
cve-2022-2588
nvd
security

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

21.8%

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.

Affected configurations

Nvd
Node
linuxlinux_kernelRange<4.9.326
OR
linuxlinux_kernelRange4.104.14.291
OR
linuxlinux_kernelRange4.154.19.256
OR
linuxlinux_kernelRange4.205.4.211
OR
linuxlinux_kernelRange5.55.10.137
OR
linuxlinux_kernelRange5.115.15.61
OR
linuxlinux_kernelRange5.165.18.18
OR
linuxlinux_kernelRange5.195.19.2
Node
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch18.04esm
OR
canonicalubuntu_linuxMatch20.04lts
OR
canonicalubuntu_linuxMatch22.04lts
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
canonicalubuntu_linux20.04cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
canonicalubuntu_linux22.04cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*

CNA Affected

[
  {
    "packageName": "linux",
    "product": "linux",
    "vendor": "The Linux Kernel Organization",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git",
    "platforms": [
      "Linux"
    ],
    "versions": [
      {
        "lessThan": "6.0~rc1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Social References

More

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

21.8%