CVE-2022-1998

Опубликовано: 27 янв. 2022

Источник: redhat

CVSS3: 6.4

EPSS Низкий

Описание

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

A use-after-free flaw was found in the Linux kernel’s File System notify functionality in the way a user triggers the copy_info_records_to_user() function call to fail in copy_event_to_user(). This flaw allows a local user to crash or potentially escalate their privileges on the system.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Fixed	RHSA-2022:8267	15.11.2022
Red Hat Enterprise Linux 9	kernel-rt	Fixed	RHSA-2022:7933	15.11.2022
Red Hat Enterprise Linux 9	kernel	Fixed	RHSA-2022:8267	15.11.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=2052312kernel: fanotify misuses fd_install() which could lead to use-after-free

EPSS

Процентиль: 7%

0.00031

Низкий

6.4 Medium

CVSS3

Связанные уязвимости

CVE-2022-1998

CVSS3: 7.8

ubuntu

около 3 лет назад

CVE-2022-1998

CVSS3: 7.8

nvd

около 3 лет назад

CVE-2022-1998

CVSS3: 7.8

msrc

около 3 лет назад

Описание отсутствует

CVE-2022-1998

CVSS3: 7.8

debian

около 3 лет назад

A use after free in the Linux kernel File System notify functionality ...

GHSA-2789-cv5q-pwgx

CVSS3: 7.8

github

около 3 лет назад

EPSS

Процентиль: 7%

0.00031

Низкий

6.4 Medium

CVSS3