CVE-2022-0330

Advisory lineage Upstream: 0 Downstream: 67
Modified
Published: 25 Mar 2022, 00:00
Last modified:02 Aug 2024, 23:25

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
7.8 HIGH
v3.1 (nvd)
EPSS Score
0.04% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

25 Mar 2022, 00:00
Published
Vulnerability first disclosed
02 Aug 2024, 23:25
Last Modified
Vulnerability information updated

Description

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

CVSS Metrics

  • v3.1HIGHScore: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • v2.0MEDIUMScore: 4.6AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.04% Percentile: 12%

Techniques & Countermeasures

  • CWE-281Improper Preservation of Permissions

    The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Affected Systems

  • fedoraprojectfedora

    34 | 35

  • linuxlinux_kernel

    < 5.17 | 5.17 | 5.17:rc1

  • netapph300e

    na

  • netapph300s_firmware

    na

  • netapph410c_firmware

    na

  • netapph410s_firmware

    na

  • netapph500e

    na

  • netapph500s_firmware

    na

  • netapph700e

    na

  • netapph700s_firmware

    na

  • redhat3scale_api_management

    2.0

  • redhatcodeready_linux_builder

    8.0 | 8.4

  • redhatcodeready_linux_builder_eus

    8.2

  • redhatcodeready_linux_builder_eus_for_power_little_endian

    8.2

  • redhatcodeready_linux_builder_for_power_little_endian_eus

    8.0 | 8.4

  • redhatdeveloper_tools

    1.0

  • redhatenterprise_linux

    8.0

  • redhatenterprise_linux_desktop

    7.0

  • redhatenterprise_linux_eus

    8.2 | 8.4

  • redhatenterprise_linux_for_ibm_z_systems

    8.0

  • redhatenterprise_linux_for_ibm_z_systems_eus

    8.2 | 8.4

  • redhatenterprise_linux_for_power_big_endian

    7.0

  • redhatenterprise_linux_for_power_little_endian

    7.0 | 8.0

  • redhatenterprise_linux_for_power_little_endian_eus

    8.2 | 8.4

  • redhatenterprise_linux_for_real_time

    7 | 8

  • redhatenterprise_linux_for_real_time_for_nfv

    7 | 8

  • redhatenterprise_linux_for_real_time_for_nfv_tus

    8.2 | 8.4

  • redhatenterprise_linux_for_real_time_tus

    8.2 | 8.4

  • redhatenterprise_linux_for_scientific_computing

    7.0

  • redhatenterprise_linux_server

    7.0

  • redhatenterprise_linux_server_aus

    7.3 | 7.4 | 7.6 | 7.7 | 8.2 | 8.4

  • redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions

    7.6 | 7.7 | 8.1 | 8.2 | 8.4

  • redhatenterprise_linux_server_tus

    7.7 | 8.2 | 8.4

  • redhatenterprise_linux_server_update_services_for_sap_solutions

    7.7 | 7.6 | 8.1 | 8.2 | 8.4

  • redhatenterprise_linux_workstation

    7.0

  • redhatovirt-node

    4.4.10

  • redhatvirtualization

    4.0

  • redhatvirtualization_host

    4.0

References (4)