{ "id": "CVE-2022-0264", "sourceIdentifier": "secalert@redhat.com", "published": "2022-02-04T23:15:12.463", "lastModified": "2024-11-21T06:38:15.803", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6" }, { "lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en el verificador eBPF del kernel de Linux cuando son manejados estructuras de datos internas. Las ubicaciones de memoria interna pod\u00edan ser devueltas al espacio de usuario. Un atacante local con los permisos para insertar c\u00f3digo eBPF en el kernel puede usar esto para filtrar detalles de memoria interna del kernel derrotando algunas de las mitigaciones de la explotaci\u00f3n en el lugar para el kernel. Este fallo afecta a las versiones del kernel anteriores a v5.16-rc6" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "exploitabilityScore": 1.8, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "baseScore": 2.1, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "baseSeverity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "secalert@redhat.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-755" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-755" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.16", "matchCriteriaId": "D692A2AE-8E9E-46AE-8670-7E1284317A25" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.16:-:*:*:*:*:*:*", "matchCriteriaId": "FF588A58-013F-4DBF-A3AB-70EC054B1892" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "357AA433-37E8-4323-BFB2-3038D6E4B414" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*", "matchCriteriaId": "A73429BA-C2D9-4D0C-A75F-06A1CA8B3983" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*", "matchCriteriaId": "F621B5E3-E99D-49E7-90B9-EC3B77C95383" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:*", "matchCriteriaId": "F7BFDCAA-1650-49AA-8462-407DD593F94F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc5:*:*:*:*:*:*", "matchCriteriaId": "6EC9882F-866D-4ACB-8FBC-213D8D8436C8" } ] } ] } ], "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041547", "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041547", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }