6.8 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.6%
linux-kvm is vulnerable to denial of service.The vulnerability exists in INVPCID instruction results in a call to kvm_mmu_invpcid_gva. An attacker can cause an application crash through the stack-based buffer overflow by providing two NULL pointer dereferences in KVM’s CPU instruction handling.
git://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2022-1789
bugzilla.redhat.com/show_bug.cgi?id=1832397
francozappa.github.io/about-bias/
kb.cert.org/vuls/id/647177/
lists.fedoraproject.org/archives/list/[email protected]/message/H6JP355XFVAB33X4BNO3ERVTURFYEDB7/
lists.fedoraproject.org/archives/list/[email protected]/message/IBUOQTNTQ4ZCXHOCNKYIL2ZUIAZ675RD/
lists.fedoraproject.org/archives/list/[email protected]/message/KCEAPIVPRTJHKPF2A2HVF5XHD5XJT3MN/
www.debian.org/security/2022/dsa-5161
6.8 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.6%