Lucene search

K
redhatcveRedhat.comRH:CVE-2022-1652
HistoryMay 12, 2022 - 8:28 a.m.

CVE-2022-1652

2022-05-1208:28:52
redhat.com
access.redhat.com
99
linux kernel
floppy driver
use-after-free
memory corruption
local attacker
mitigation
auto-loading
module

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.3%

A use-after-free flaw was found in the Linux kernel’s floppy driver implementation. This flaw allows a local attacker to possibly corrupt memory.

Mitigation

The floppy module will be auto-loaded when the hardware is present. Its loading can be prevented with the following instructions:

echo "install floppy /bin/true" >> /etc/modprobe.d/disable-floppy.conf

The system will need to be restarted if the floppy modules is loaded. In most circumstances, the floppy kernel modules will be unable to be unloaded while is in use.

If the system requires this module to work correctly, this mitigation may not be suitable.

If you need further assistance, see KCS article <https://access.redhat.com/solutions/41278&gt; or contact Red Hat Global Support Services.

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.3%