CVE-2022-0500

Advisory lineage Upstream: 0 Downstream: 11
Modified
Published: 25 Mar 2022, 18:03
Last modified:02 Aug 2024, 23:32

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
7.8 HIGH
v3.1 (nvd)
EPSS Score
0.03% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

25 Mar 2022, 18:03
Published
Vulnerability first disclosed
02 Aug 2024, 23:32
Last Modified
Vulnerability information updated

Description

A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.

CVSS Metrics

  • v3.1HIGHScore: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • v2.0HIGHScore: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.03% Percentile: 10%

Techniques & Countermeasures

  • CWE-787Out-of-bounds Write

    The product writes data past the end, or before the beginning, of the intended buffer.

  • CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer

    The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Affected Systems

  • fedoraprojectfedora

    34 | 35

  • linuxlinux_kernel

    ≥ 5.10, < 5.15.37 | ≥ 5.16, < 5.16.11

  • netapph300e

    na

  • netapph300s_firmware

    na

  • netapph410c_firmware

    na

  • netapph410s_firmware

    na

  • netapph500e

    na

  • netapph500s_firmware

    na

  • netapph700e

    na

  • netapph700s_firmware

    na

References (9)