CVSS3: 6.7 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4 Medium

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | MULTIPLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:L/AC:L/Au:M/C:P/I:P/A:P

EPSS: 0.0005 Low (Percentile: 15.4%)

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin
builds on this property to restrict module/firmware loads to just the
trusted root filesystem. Device-mapper table reloads currently allow users
with root privileges to switch out the target with an equivalent dm-linear
target and bypass verification until reboot. This allows root to bypass
LoadPin and can be used to load untrusted and unverified kernel modules and
firmware, which implies arbitrary kernel execution and persistence for
peripherals that do not verify firmware updates. We recommend upgrading
past commit 4caae58406f8ceb741603eee460d79bacca9b1b5.

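A monitoring check for the condition described above, as an added example that is not part of the advisory or the kernel fix: it parses the text printed by `dmsetup table` and reports devices that are expected to use the verity target but currently do not. The device names (`vroot`, `data`, `vendor`), the function names and both sample tables are assumptions constructed for illustration.

```python
# Added example: flag dm devices that should be dm-verity but are not.
# Feed it the text printed by `dmsetup table`; the device names and both
# samples below are constructed for illustration.

SAMPLE_VERIFIED = """\
vroot: 0 4194304 verity 1 8:3 8:3 4096 4096 524288 524289 sha256 ROOT_HASH SALT
data: 0 8388608 linear 8:4 2048
"""

# Same device after a table reload swapped the target for dm-linear.
SAMPLE_SWAPPED = """\
vroot: 0 4194304 linear 8:3 0
data: 0 8388608 linear 8:4 2048
"""


def parse_dm_table(text):
    """Map device name -> list of (start, length, target_type) segments."""
    tables = {}
    for line in text.splitlines():
        name, sep, rest = line.partition(": ")
        fields = rest.split()
        # Expect "<name>: <start> <length> <target> [args...]"; skip anything else.
        if not sep or len(fields) < 3 or not (fields[0].isdigit() and fields[1].isdigit()):
            continue
        tables.setdefault(name, []).append((int(fields[0]), int(fields[1]), fields[2]))
    return tables


def unverified_devices(text, expected_verity):
    """Return {name: reason} for expected verity devices whose live table differs."""
    tables = parse_dm_table(text)
    findings = {}
    for name in expected_verity:
        targets = sorted({target for _, _, target in tables.get(name, [])})
        if not targets:
            findings[name] = "no live table"
        elif targets != ["verity"]:
            findings[name] = "live target is " + ",".join(targets)
    return findings


if __name__ == "__main__":
    for label, sample in (("verified", SAMPLE_VERIFIED), ("swapped", SAMPLE_SWAPPED)):
        print(label, unverified_devices(sample, ["vroot"]) or "ok")
```

Because the party able to reload the table already has root, treat a finding as a signal to ship off-host rather than as proof of integrity when nothing is reported.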
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | linux-nvidia | < 5.15.0-1007.7 | UNKNOWN |
ubuntu | 18.04 | noarch | linux | < 4.15.0-191.202 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-126.142 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-47.51 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-239.273 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1139.150 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1085.92 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1019.23 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1155.170 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1117.123 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2503
github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m
launchpad.net/bugs/cve/CVE-2022-2503
nvd.nist.gov/vuln/detail/CVE-2022-2503
security-tracker.debian.org/tracker/CVE-2022-2503
ubuntu.com/security/notices/USN-5594-1
ubuntu.com/security/notices/USN-5599-1
ubuntu.com/security/notices/USN-5602-1
ubuntu.com/security/notices/USN-5616-1
ubuntu.com/security/notices/USN-5622-1
ubuntu.com/security/notices/USN-5623-1
ubuntu.com/security/notices/USN-5630-1
ubuntu.com/security/notices/USN-5639-1
ubuntu.com/security/notices/USN-5647-1
ubuntu.com/security/notices/USN-5654-1
ubuntu.com/security/notices/USN-5660-1
ubuntu.com/security/notices/USN-6001-1
ubuntu.com/security/notices/USN-6013-1
ubuntu.com/security/notices/USN-6014-1