Lucene search

K
nvd[email protected]NVD:CVE-2022-1158
HistoryAug 05, 2022 - 5:15 p.m.

CVE-2022-1158

2022-08-0517:15:08
CWE-416
web.nvd.nist.gov
2
kvm
unprivileged users
kernel corruption

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

A flaw was found in KVM. When updating a guest’s page table entry, vm_pgoff was improperly used as the offset to get the page’s pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.

Affected configurations

NVD
Node
linuxlinux_kernelRange5.25.4.189
OR
linuxlinux_kernelRange5.55.10.110
OR
linuxlinux_kernelRange5.115.15.33
OR
linuxlinux_kernelRange5.165.16.19
OR
linuxlinux_kernelRange5.175.17.2
Node
fedoraprojectfedoraMatch36
Node
redhatenterprise_linuxMatch8.0
OR
redhatenterprise_linuxMatch9.0

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%