Sep 13, 2022 - 4:15 p.m.

CVE-2022-3170

2022-09-13 16:15:09
CWE-125
redhat
web.nvd.nist.gov
cve-2022-3170
linux kernel
sound subsystem
out-of-bounds access
privilege escalation
ioctl() interface

CVSS3: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.3
Confidence: High

EPSS: 0
Percentile: 5.1%

An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the ‘id->name’ provided by the user did not end with ‘\0’. A privileged local user could pass a specially crafted name through the ioctl() interface and crash the system or potentially escalate their privileges on the system.

Affected configurations

Node
linux linux_kernel, match 6.0 rc1
OR
linux linux_kernel, match 6.0 rc2
OR
linux linux_kernel, match 6.0 rc3

Vendor  Product       Version  CPE
linux   linux_kernel  6.0      cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*
linux   linux_kernel  6.0      cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*
linux   linux_kernel  6.0      cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "kernel",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "fixed in kernel 6.0-rc4"
      }
    ]
  }
]
