7

CVE-2022-1729

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.2.85 < 3.3
LinuxLinux Kernel Version >= 3.16.40 < 3.17
LinuxLinux Kernel Version >= 3.18.54 < 3.19
LinuxLinux Kernel Version >= 4.0.0 < 4.9.316
LinuxLinux Kernel Version >= 4.10 < 4.14.281
LinuxLinux Kernel Version >= 4.15 < 4.19.245
LinuxLinux Kernel Version >= 4.20 < 5.4.196
LinuxLinux Kernel Version >= 5.5.0 < 5.10.118
LinuxLinux Kernel Version >= 5.11 < 5.15.42
LinuxLinux Kernel Version >= 5.16 < 5.17.10
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.225
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

CWE-366 Race Condition within a Thread

If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ac6487e584a1eb54071dbe1212e05b884136704
Patch
Vendor Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20230214-0006/
Patch
Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/05/20/2
Patch
Third Party Advisory
Mailing List