exploitDog

CVE-2022-1158

Опубликовано: 05 авг. 2022

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=2069793
Exploit
Issue Tracking
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230214-0003/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/04/08/4
Exploit
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2069793
Exploit
Issue Tracking
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230214-0003/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/04/08/4
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.2 (включая) до 5.4.189 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.5 (включая) до 5.10.110 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.11 (включая) до 5.15.33 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.16 (включая) до 5.16.19 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.17 (включая) до 5.17.2 (исключая)

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00014

Низкий

7.8 High

CVSS3

Дефекты

CWE-416

CWE-416

Связанные уязвимости

CVE-2022-1158

CVSS3: 7.8

ubuntu

почти 3 года назад

A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.

CVE-2022-1158

CVSS3: 7

redhat

больше 3 лет назад

A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.

CVE-2022-1158

CVSS3: 7.8

msrc

почти 3 года назад

Описание отсутствует

CVE-2022-1158

CVSS3: 7.8

debian

почти 3 года назад

A flaw was found in KVM. When updating a guest's page table entry, vm_ ...

SUSE-SU-2022:1629-1

suse-cvrf

около 3 лет назад

Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP2)

EPSS

Процентиль: 2%

0.00014

Низкий

7.8 High

CVSS3

Дефекты

CWE-416

CWE-416