CVE-2022-3170

2022-09-1316:15:09

CWE-125

[email protected]

web.nvd.nist.gov

linux

sound

access issue

privileged user

ioctl interface

system crash

privilege escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the ‘id->name’ provided by the user did not end with ‘\0’. A privileged local user could pass a specially crafted name through ioctl() interface and crash the system or potentially escalate their privileges on the system.

Affected configurations

Nvd

Node

linuxlinux_kernelMatch6.0rc1

linuxlinux_kernelMatch6.0rc2

linuxlinux_kernelMatch6.0rc3

VendorProductVersionCPE
linuxlinux_kernel6.0cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*
linuxlinux_kernel6.0cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*
linuxlinux_kernel6.0cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	6.0	cpe:2.3:o:linux:linux_kernel:6.0:rc1::::::
linux	linux_kernel	6.0	cpe:2.3:o:linux:linux_kernel:6.0:rc2::::::
linux	linux_kernel	6.0	cpe:2.3:o:linux:linux_kernel:6.0:rc3::::::