7.8
CVE-2022-2639
- EPSS 1.29%
- Published 01.09.2022 21:15:09
- Last modified 21.11.2024 07:01:25
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.18.139 < 3.19
Linux ≫ Linux Kernel Version >= 4.4.179 < 4.5
Linux ≫ Linux Kernel Version >= 4.9.169 < 4.9.312
Linux ≫ Linux Kernel Version >= 4.14.112 < 4.14.277
Linux ≫ Linux Kernel Version >= 4.19.35 < 4.19.240
Linux ≫ Linux Kernel Version >= 5.0.8 < 5.4.191
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.113
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.36
Linux ≫ Linux Kernel Version >= 5.16 < 5.17.5
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.29% | 0.789 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-192 Integer Coercion Error
Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types.
CWE-681 Incorrect Conversion between Numeric Types
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.