CVE-2022-21499

Advisory lineage Upstream: 0 Downstream: 36

Downstream

DEBIAN-CVE-2022-21499 DSA-5161-1 LSN-0086-1 LSN-0089-1 MGASA-2022-0212 MGASA-2022-0213

Modified

Published: 09 Jun 2022, 20:15

Last modified:24 Sept 2024, 20:05

Vulnerability Summary

Overall Risk (default)

medium

27/100

CVSS Score

6.7 MEDIUM

v3.1 (cve.org)

EPSS Score

0.18% LOW

0% probability +0.01%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

09 Jun 2022, 20:15

Published

Vulnerability first disclosed

24 Sept 2024, 20:05

Last Modified

Vulnerability information updated

Description

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVSS Metrics

v3.1•MEDIUM•Score: 6.7CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
v2.0•MEDIUM•Score: 4.6AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.18%• Percentile: 39%

Techniques & Countermeasures

CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

debian•debian_linux
11.0
oracle corporation•oracle linux
Oracle Linux: 6 | Oracle Linux: 7 | Oracle Linux: 8
oracle corporation•oracle vm
Oracle VM: 3
oracle•linux
6 | 7 | 8