exploitDog

CVE-2022-2977

Опубликовано: 14 сент. 2022

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.

Ссылки

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f
Mailing List
Patch
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230214-0006/
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f
Mailing List
Patch
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230214-0006/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.12 (включая) до 4.14.276 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.15 (включая) до 4.19.238 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.20 (включая) до 5.4.189 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.5 (включая) до 5.10.110 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.11 (включая) до 5.15.33 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.16 (включая) до 5.16.19 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.17 (включая) до 5.17.1 (исключая)

EPSS

Процентиль: 4%

0.00021

Низкий

7.8 High

CVSS3

Дефекты

CWE-416

CWE-416

Связанные уязвимости

CVE-2022-2977

CVSS3: 7.8

ubuntu

почти 3 года назад

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.

CVE-2022-2977

CVSS3: 7.8

redhat

больше 3 лет назад

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.

CVE-2022-2977

CVSS3: 7.8

msrc

почти 3 года назад

Описание отсутствует

CVE-2022-2977

CVSS3: 7.8

debian

почти 3 года назад

A flaw was found in the Linux kernel implementation of proxied virtual ...

GHSA-c5mq-2wv7-w9f4

CVSS3: 7.8

github

почти 3 года назад

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.

EPSS

Процентиль: 4%

0.00021

Низкий

7.8 High

CVSS3

Дефекты

CWE-416

CWE-416