ubuntucve | Ubuntu.com | UB:CVE-2022-21499
May 24, 2022 - 12:00 a.m.

CVE-2022-21499

cve-2022-21499
kernel memory
debugger lockdown
serial port
cvss 3.1
confidentiality
integrity
availability impacts
unix

CVSS2: 4.6
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 6.7
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 15.6%

KGDB and KDB allow read and write access to kernel memory, and thus should
be restricted during lockdown. An attacker with access to a serial port
could trigger the debugger, so it is important that the debugger respect the
lockdown mode if and when it is triggered. CVSS 3.1 Base Score: 6.7
(Confidentiality, Integrity and Availability impacts). CVSS Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | linux | < 4.15.0-184.194 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux | < 5.4.0-117.132 | UNKNOWN |
| ubuntu | 21.10 | noarch | linux | < 5.13.0-48.54 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux | < 5.15.0-35.36 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1133.143 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1078.84 | UNKNOWN |
| ubuntu | 21.10 | noarch | linux-aws | < 5.13.0-1028.31 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1009.11 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws-5.13 | < 5.13.0-1028.31~20.04.1 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1078.84~18.04.1 | UNKNOWN |

Rows 1-10 of 621 shown.
