Lucene search

K
nvd[email protected]NVD:CVE-2022-3239
HistorySep 19, 2022 - 8:15 p.m.

CVE-2022-3239

2022-09-1920:15:12
CWE-416
web.nvd.nist.gov
10
linux
video4linux
local users
system crash
privilege escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Affected configurations

Nvd
Node
linuxlinux_kernelRange3.154.14.295
OR
linuxlinux_kernelRange4.154.19.238
OR
linuxlinux_kernelRange4.205.4.189
OR
linuxlinux_kernelRange5.55.10.110
OR
linuxlinux_kernelRange5.115.15.33
OR
linuxlinux_kernelRange5.165.16.19
OR
linuxlinux_kernelRange5.175.17.2
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%