CVE-2022-1729

Advisory lineage Upstream: 0 Downstream: 59
Modified
Published: 01 Sept 2022, 00:00
Last modified:03 Aug 2024, 00:16

Vulnerability Summary

Overall Risk (default)
medium
28/100
CVSS Score
7 HIGH
v3.1 (nvd)
EPSS Score
0.07% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

01 Sept 2022, 00:00
Published
Vulnerability first disclosed
03 Aug 2024, 00:16
Last Modified
Vulnerability information updated

Description

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

CVSS Metrics

  • v3.1HIGHScore: 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.07% Percentile: 21%

Techniques & Countermeasures

  • CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

  • CWE-366Race Condition within a Thread

    If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.

Affected Systems

  • linuxlinux_kernel

    ≥ 3.2.85, < 3.3 | ≥ 3.16.40, < 3.17 | ≥ 3.18.54, < 3.19 | ≥ 4.0.0, < 4.9.316 | ≥ 4.10, < 4.14.281 | ≥ 4.15, < 4.19.245 | ≥ 4.20, < 5.4.196 | ≥ 5.5.0, < 5.10.118 | ≥ 5.11, < 5.15.42 | ≥ 5.16, < 5.17.10

  • netapphci_baseboard_management_controller

    h300s | h410s | h500s | h700s

References (3)