Lucene search

RedhatCVE-2022-2961

HistoryAug 29, 2022 - 3:15 p.m.

CVE-2022-2961

2022-08-2915:15:10

CWE-362

CWE-416

redhat

web.nvd.nist.gov

166

cve-2022-2961

linux kernel

plp rose

use-after-free

race condition

privilege escalation

nvd

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

5.1%

JSON

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelRange<6.0

linuxlinux_kernelMatch6.0rc1

Node

fedoraprojectfedoraMatch36

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

netapph500s_firmwareMatch-

AND

netapph500sMatch-

Node

netapph700s_firmwareMatch-

AND

netapph700sMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel6.0cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*
fedoraprojectfedora36cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
netapph300s_firmware-cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
netapph300s-cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
netapph500s_firmware-cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
netapph500s-cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
netapph700s_firmware-cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
netapph700s-cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
netapph410s_firmware-cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	6.0	cpe:2.3:o:linux:linux_kernel:6.0:rc1::::::
fedoraproject	fedora	36	cpe:2.3:o:fedoraproject:fedora:36:::::::*
netapp	h300s_firmware	-	cpe:2.3:o:netapp:h300s_firmware:-:::::::*
netapp	h300s	-	cpe:2.3:h:netapp:h300s:-:::::::*
netapp	h500s_firmware	-	cpe:2.3:o:netapp:h500s_firmware:-:::::::*
netapp	h500s	-	cpe:2.3:h:netapp:h500s:-:::::::*
netapp	h700s_firmware	-	cpe:2.3:o:netapp:h700s_firmware:-:::::::*
netapp	h700s	-	cpe:2.3:h:netapp:h700s:-:::::::*
netapp	h410s_firmware	-	cpe:2.3:o:netapp:h410s_firmware:-:::::::*

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Kernel",
    "versions": [
      {
        "version": "Linux kernel 6.0-rc2",
        "status": "affected"
      }
    ]
  }
]