CVE-2022-30594

Exploit

EPSS 0.03%
Published 12.05.2022 05:15:06
Last modified 21.11.2024 07:02:59
Source cve@mitre.org
Teams watchlist Login
Open Login

The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.

Affected products Warnungen 0 Metrics 3 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 4.19.238

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.189

Linux ≫ Linux Kernel Version >= 5.5.0 < 5.10.110

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.33

Linux ≫ Linux Kernel Version >= 5.16.0 < 5.16.19

Linux ≫ Linux Kernel Version >= 5.17 < 5.17.2

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Netapp ≫ Solidfire, Enterprise Sds & Hci Storage Node Version-

Netapp ≫ Solidfire & Hci Management Node Version-

Netapp ≫ Hci Compute Node Version-

Netapp ≫ 8300 Firmware Version-

Netapp ≫ 8300 Version-

Netapp ≫ 8700 Firmware Version-

Netapp ≫ 8700 Version-

Netapp ≫ A400 Firmware Version-

Netapp ≫ A400 Version-

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Netapp ≫ H410c Firmware Version-

Netapp ≫ H410c Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.049

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

Third Party Advisory

Mailing List

http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html

Third Party Advisory

VDB Entry

https://www.debian.org/security/2022/dsa-5173

Third Party Advisory

http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html

Third Party Advisory

VDB Entry

https://bugs.chromium.org/p/project-zero/issues/detail?id=2276

Patch

Third Party Advisory

Exploit

Mailing List

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2

Patch

Vendor Advisory

Mailing List

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3

Patch

Vendor Advisory

Mailing List

https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3

Patch

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220707-0001/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-30594

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-30594

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-30594

EUVD