Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-2503

Опубликовано: 12 авг. 2022
Источник: redhat
CVSS3: 6.7
EPSS Низкий

Описание

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5

A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification until reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates.

Отчет

Starting from the Red Hat Enterprise Linux version 8.7 the bug already fixed (by previous ticket https://bugzilla.redhat.com/show_bug.cgi?id=2012340). Similar for the Red Hat Enterprise Linux version 9.1 it is already fixed (by the ticket https://bugzilla.redhat.com/show_bug.cgi?id=2090507).

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2022:744408.11.2022
Red Hat Enterprise Linux 8kernelFixedRHSA-2022:768308.11.2022
Red Hat Enterprise Linux 8.6 Extended Update SupportkernelFixedRHSA-2023:562710.10.2023
Red Hat Enterprise Linux 9kernelFixedRHSA-2022:826715.11.2022
Red Hat Enterprise Linux 9kernel-rtFixedRHSA-2022:793315.11.2022
Red Hat Enterprise Linux 9kernelFixedRHSA-2022:826715.11.2022
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8kernelFixedRHSA-2023:562710.10.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-288
https://bugzilla.redhat.com/show_bug.cgi?id=2177862kernel: LoadPin bypass via dm-verity table reload

EPSS

Процентиль: 0%
0.00003
Низкий

6.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-2503

CVSS3: 6.9
ubuntu
почти 3 года назад

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5

nvd логотип

CVE-2022-2503

CVSS3: 6.9
nvd
почти 3 года назад

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5

msrc логотип

CVE-2022-2503

CVSS3: 6.7
msrc
почти 3 года назад

Описание отсутствует

debian логотип

CVE-2022-2503

CVSS3: 6.9
debian
почти 3 года назад

Dm-verity is used for extending root-of-trust to root filesystems. Loa ...

github логотип

GHSA-j7xr-c5x7-xr2p

CVSS3: 6.7
github
почти 3 года назад

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5

EPSS

Процентиль: 0%
0.00003
Низкий

6.7 Medium

CVSS3