CVE-2022-3424

Опубликовано: 19 сент. 2022

Источник: redhat

CVSS3: 7

EPSS Низкий

Описание

A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Меры по смягчению последствий

To mitigate this issue, prevent the module gru from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel-rt	Out of support scope
Red Hat Enterprise Linux 8	kernel	Affected
Red Hat Enterprise Linux 8	kernel-rt	Affected
Red Hat Enterprise Linux 9	kernel-rt	Will not fix
Red Hat Virtualization 4	redhat-virtualization-host	Not affected
Red Hat Enterprise Linux 9	kernel	Fixed	RHSA-2025:8333	02.06.2025
Red Hat Enterprise Linux 9	kernel	Fixed	RHSA-2025:8333	02.06.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=2132640kernel: Use after Free in gru_set_context_option leading to kernel panic

EPSS

Процентиль: 3%

0.0002

Низкий

7 High

CVSS3

Связанные уязвимости

CVE-2022-3424

CVSS3: 7.8

ubuntu

больше 2 лет назад

CVE-2022-3424

CVSS3: 7.8

nvd

больше 2 лет назад

CVE-2022-3424

CVSS3: 7.8

debian

больше 2 лет назад

A use-after-free flaw was found in the Linux kernel\u2019s SGI GRU dri ...

SUSE-SU-2023:0240-1

suse-cvrf

больше 2 лет назад

Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1)

SUSE-SU-2023:0235-1

suse-cvrf

больше 2 лет назад

Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP1)

EPSS

Процентиль: 3%

0.0002

Низкий

7 High

CVSS3