CVE-2022-1116

Advisory lineage Upstream: 0 Downstream: 21

Downstream

LSN-0086-1 SUSE-SU-2022:2214-1 SUSE-SU-2022:2216-1 SUSE-SU-2022:2230-1 SUSE-SU-2022:2237-1 SUSE-SU-2022:2239-1

Modified

Published: 17 May 2022, 16:50

Last modified:21 Apr 2025, 13:53

Vulnerability Summary

Overall Risk (default)

medium

41/100

CVSS Score

7.8 HIGH

v3.1 (cve.org)

EPSS Score

0.17% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

17 May 2022, 16:50

Published

Vulnerability first disclosed

21 Apr 2025, 13:53

Last Modified

Vulnerability information updated

Description

Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
v2.0•HIGH•Score: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.17%• Percentile: 38%

Techniques & Countermeasures

CWE-190•Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Affected Systems

Unknown•Kernel
≥ unspecified, < 5.4.189 | ≥ 5.4.24, < unspecified
linux•linux_kernel
≥ 5.4.24, < 5.4.189
netapp•h300s_firmware
na
netapp•h410s_firmware
na
netapp•h500s_firmware
na
netapp•h700s_firmware
na