Lucene search

K
redhatcveRedhat.comRH:CVE-2022-20141
HistoryAug 03, 2022 - 3:10 p.m.

CVE-2022-20141

2022-08-0315:10:28
redhat.com
access.redhat.com
88
linux
igmp
use-after-free
local user
privilege escalation
race condition
ip_check_mc_rcu
cve-2022-20141

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

A use-after-free flaw was found in the Linux kernel’s IGMP protocol in how a user triggers a race condition in the ip_check_mc_rcu function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%