CVE-2022-1882

Опубликовано: 07 мая 2022

Источник: redhat

CVSS3: 7

EPSS Низкий

Описание

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Fixed	RHSA-2023:2458	09.05.2023
Red Hat Enterprise Linux 9	kernel-rt	Fixed	RHSA-2023:2148	09.05.2023
Red Hat Enterprise Linux 9	kernel	Fixed	RHSA-2023:2458	09.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=2089701kernel: use-after-free in free_pipe_info() could lead to privilege escalation

EPSS

Процентиль: 5%

0.00024

Низкий

7 High

CVSS3

Связанные уязвимости

CVE-2022-1882

CVSS3: 7.8

ubuntu

около 3 лет назад

CVE-2022-1882

CVSS3: 7.8

nvd

около 3 лет назад

CVE-2022-1882

CVSS3: 7.8

msrc

почти 3 года назад

Описание отсутствует

CVE-2022-1882

CVSS3: 7.8

debian

около 3 лет назад

A use-after-free flaw was found in the Linux kernel\u2019s pipes funct ...

GHSA-hmjf-2pvf-jr4v

CVSS3: 7.8

github

около 3 лет назад

A flaw use after free in the Linux kernel pipes functionality was found in the way user do some manipulations with pipe ex. with the post_one_notification() after free_pipe_info() already called. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

EPSS

Процентиль: 5%

0.00024

Низкий

7 High

CVSS3