5.5

CVE-2022-2153

Exploit
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.18
FedoraprojectFedora Version36
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.352
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
Third Party Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=2069736
Patch
Third Party Advisory
Issue Tracking
https://github.com/torvalds/linux/commit/00b5f37189d24ac3ed46cb7f11742094778c46ce
Patch
Third Party Advisory
https://github.com/torvalds/linux/commit/7ec37d1cbe17d8189d9562178d8b29167fe1c31a
Patch
Third Party Advisory
https://github.com/torvalds/linux/commit/b1e34d325397a33d97d845e312d7cf2a8b646b44
Patch
Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/06/22/1
Patch
Third Party Advisory
Exploit
Mailing List