CVE-2022-0854

Опубликовано: 23 мар. 2022

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.

Ссылки

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8&id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13
Exploit
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
Mailing List
Third Party Advisory
https://www.debian.org/security/2022/dsa-5161
Third Party Advisory
https://www.debian.org/security/2022/dsa-5173
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8&id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13
Exploit
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
Mailing List
Third Party Advisory
https://www.debian.org/security/2022/dsa-5161
Third Party Advisory
https://www.debian.org/security/2022/dsa-5173
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 5.16 (включая)

cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.17:rc7:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 1%

0.00009

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

CWE-401

Связанные уязвимости

CVE-2022-0854

CVSS3: 5.5

ubuntu

около 3 лет назад

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.

CVE-2022-0854

CVSS3: 5.5

redhat

больше 3 лет назад

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.

CVE-2022-0854

CVSS3: 5.5

msrc

около 3 лет назад

Описание отсутствует

CVE-2022-0854

CVSS3: 5.5

debian

около 3 лет назад

A memory leak flaw was found in the Linux kernel\u2019s DMA subsystem, ...

GHSA-hjpw-pwwm-fvgm

CVSS3: 5.5

github

около 3 лет назад

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.

EPSS

Процентиль: 1%

0.00009

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

CWE-401