7.8

CVE-2022-30594

Exploit
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.19.238
LinuxLinux Kernel Version >= 4.20 < 5.4.189
LinuxLinux Kernel Version >= 5.5.0 < 5.10.110
LinuxLinux Kernel Version >= 5.11 < 5.15.33
LinuxLinux Kernel Version >= 5.16.0 < 5.16.19
LinuxLinux Kernel Version >= 5.17 < 5.17.2
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
NetappHci Compute Node Version-
Netapp8300 Firmware Version-
   Netapp8300 Version-
Netapp8700 Firmware Version-
   Netapp8700 Version-
NetappA400 Firmware Version-
   NetappA400 Version-
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH410s Firmware Version-
   NetappH410s Version-
NetappH410c Firmware Version-
   NetappH410c Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.8% 0.521
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
Third Party Advisory
Mailing List
http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html
Third Party Advisory
VDB Entry
https://www.debian.org/security/2022/dsa-5173
Third Party Advisory
http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html
Third Party Advisory
VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=2276
Patch
Third Party Advisory
Exploit
Mailing List
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2
Patch
Vendor Advisory
Mailing List
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3
Patch
Vendor Advisory
Mailing List
https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220707-0001/
Third Party Advisory