Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-0646

Опубликовано: 18 фев. 2022
Источник: nvd
CVSS3: 7.8
CVSS2: 7.2
EPSS Низкий

Описание

A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
Конфигурация 7

Одновременно

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
Конфигурация 8

Одновременно

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
Конфигурация 9

Одновременно

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

EPSS

Процентиль: 30%
0.0011
Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-459
CWE-416

Связанные уязвимости

ubuntu логотип

CVE-2022-0646

CVSS3: 7.8
ubuntu
почти 4 года назад

A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5.

redhat логотип

CVE-2022-0646

CVSS3: 6.4
redhat
почти 4 года назад

A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5.

debian логотип

CVE-2022-0646

CVSS3: 7.8
debian
почти 4 года назад

A flaw use after free in the Linux kernel Management Component Transpo ...

github логотип

GHSA-c3x8-gg69-x2jw

CVSS3: 7.8
github
почти 4 года назад

A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5.

fstec логотип

BDU:2024-04158

CVSS3: 7.8
fstec
почти 4 года назад

Уязвимость подсистемы MCTP (Management Component Transport Protocol) ядра операционной системы Linux, позволяющая нраушителю повысить свои привилегии

EPSS

Процентиль: 30%
0.0011
Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-459
CWE-416