Lucene search

K
nvd[email protected]NVD:CVE-2022-1729
HistorySep 01, 2022 - 9:15 p.m.

CVE-2022-1729

2022-09-0121:15:09
CWE-362
CWE-366
web.nvd.nist.gov
2
linux
kernel
race condition
unprivileged user
root privileges
exploit
information leak
arbitrary execution

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

15.7%

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

Affected configurations

NVD
Node
linuxlinux_kernelRange3.2.853.3
OR
linuxlinux_kernelRange3.16.403.17
OR
linuxlinux_kernelRange3.18.543.19
OR
linuxlinux_kernelRange4.0.04.9.316
OR
linuxlinux_kernelRange4.104.14.281
OR
linuxlinux_kernelRange4.154.19.245
OR
linuxlinux_kernelRange4.205.4.196
OR
linuxlinux_kernelRange5.5.05.10.118
OR
linuxlinux_kernelRange5.115.15.42
OR
linuxlinux_kernelRange5.165.17.10
Node
netapphci_baseboard_management_controllerMatchh300s
OR
netapphci_baseboard_management_controllerMatchh410s
OR
netapphci_baseboard_management_controllerMatchh500s
OR
netapphci_baseboard_management_controllerMatchh700s

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

15.7%