Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-0500
HistoryMar 25, 2022 - 12:00 a.m.

CVE-2022-0500

2022-03-2500:00:00
ubuntu.com
ubuntu.com
13

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to
a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem
due to the way a user loads BTF. This flaw allows a local user to crash or
escalate their privileges on the system.

Notes

Author Note
sbeattie unprivileged eBPF has been disabled by default in Ubuntu kernels as of 2022-03-08, requires CAP_SYS_ADMIN or CAP_BPF privileges.
OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchlinux< 5.15.0-41.44UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1015.19UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1015.19~20.04.1UNKNOWN
ubuntu22.04noarchlinux-azure< 5.15.0-1014.17UNKNOWN
ubuntu20.04noarchlinux-azure-5.15< 5.15.0-1014.17~20.04.1UNKNOWN
ubuntu22.04noarchlinux-azure-fde< 5.15.0-1014.17UNKNOWN
ubuntu20.04noarchlinux-azure-fde-5.15< 5.15.0-1014.17~20.04.1UNKNOWN
ubuntu22.04noarchlinux-gcp< 5.15.0-1013.18UNKNOWN
ubuntu20.04noarchlinux-gcp-5.15< 5.15.0-1013.18~20.04.1UNKNOWN
ubuntu22.04noarchlinux-gke< 5.15.0-1011.14UNKNOWN
Rows per page:
1-10 of 211

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

Related for UB:CVE-2022-0500