CVE-2022-1943

Published: May 10, 2022
Source: redhat
CVSS3: 7.8

Description

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially

An out-of-bounds memory write flaw was found in the Linux kernel’s UDF file system functionality in the way a user triggers some file operations, which triggers udf_write_fi(). This flaw allows a local user to crash or potentially escalate their privileges on the system.

Report

Keeping Moderate, because the actual corruption is out of attacker control, so it means that attack complexity could be high or unpredictable.

Mitigation

To mitigate this issue, prevent the module udf from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2086412 kernel: A slab-out-of-bounds Write bug when invoke udf_write_fi via ioctl

CVSS3: 7.8 High

Related vulnerabilities

CVSS3: 7.8
ubuntu
about 3 years ago

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially

CVSS3: 7.8
nvd
about 3 years ago

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially

CVSS3: 7.8
msrc
more than 2 years ago

No description available

CVSS3: 7.8
debian
about 3 years ago

A flaw out of bounds memory write in the Linux kernel UDF file system ...

CVSS3: 5.5
github
about 3 years ago

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially
