CVE-2022-2991

A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/lightnvm/Kconfig?h=v5.10.114&id=549209caabc89f2877ad5f62d11fca5c052e0e8	Mailing List Patch Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-960/	Third Party Advisory VDB Entry
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/lightnvm/Kconfig?h=v5.10.114&id=549209caabc89f2877ad5f62d11fca5c052e0e8	Mailing List Patch Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-960/	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:02

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/lightnvm/Kconfig?h=v5.10.114&id=549209caabc89f2877ad5f62d11fca5c052e0e8 - Mailing List, Patch, Vendor Advisory~~	() https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/lightnvm/Kconfig?h=v5.10.114&id=549209caabc89f2877ad5f62d11fca5c052e0e8 - Mailing List, Patch, Vendor Advisory
References	~~() https://www.zerodayinitiative.com/advisories/ZDI-22-960/ - Third Party Advisory, VDB Entry~~	() https://www.zerodayinitiative.com/advisories/ZDI-22-960/ - Third Party Advisory, VDB Entry

Information

Published : 2022-08-25 18:15

Updated : 2024-11-21 07:02

NVD link : CVE-2022-2991

Mitre link : CVE-2022-2991

CVE.ORG link : CVE-2022-2991

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write

{"id": "CVE-2022-2991", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2022-08-25T18:15:10.363", "references": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/lightnvm/Kconfig?h=v5.10.114&id=549209caabc89f2877ad5f62d11fca5c052e0e8", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-960/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/lightnvm/Kconfig?h=v5.10.114&id=549209caabc89f2877ad5f62d11fca5c052e0e8", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-960/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-122"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en el subsistema LightNVM del kernel de Linux. El problema es debido a la falta de comprobaci\u00f3n apropiada de la longitud de los datos suministrados por el usuario antes de copiarlos en un b\u00fafer de longitud fija en la regi\u00f3n heap de la memoria. Esta vulnerabilidad permite a un atacante local escalar privilegios y ejecutar c\u00f3digo arbitrario en el contexto del kernel. El atacante debe obtener primero la capacidad de ejecutar c\u00f3digo con altos privilegios en el sistema objetivo para explotar esta vulnerabilidad."}], "lastModified": "2024-11-21T07:02:02.830", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "037A6DFB-B41D-4CC7-86C1-A201809B79C4", "versionEndExcluding": "5.15"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}