CVE-2022-2639

Advisory lineage Upstream: 0 Downstream: 35
Modified
Published: 01 Sept 2022, 20:32
Last modified:03 Aug 2024, 00:46

Vulnerability Summary

Overall Risk (default)
medium
41/100
CVSS Score
7.8 HIGH
v3.1 (nvd)
EPSS Score
1.01% LOW
1% probability -0.15%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected

Timeline

01 Sept 2022, 20:32
Published
Vulnerability first disclosed
03 Aug 2024, 00:46
Last Modified
Vulnerability information updated

Description

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVSS Metrics

  • v3.1HIGHScore: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 1.01% Percentile: 77%

Techniques & Countermeasures

  • CWE-681Incorrect Conversion between Numeric Types

    When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

  • CWE-192Integer Coercion Error

    Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types.

Affected Systems

  • linuxlinux_kernel

    ≥ 3.18.139, < 3.19 | ≥ 4.4.179, < 4.5 | ≥ 4.9.169, < 4.9.312 | ≥ 4.14.112, < 4.14.277 | ≥ 4.19.35, < 4.19.240 | ≥ 5.0.8, < 5.4.191 | ≥ 5.5, < 5.10.113 | ≥ 5.11, < 5.15.36 | ≥ 5.16, < 5.17.5

  • redhatenterprise_linux

    8.0 | 9.0

References (2)