CVE-2022-4378
CVSS V2 None
CVSS V3 None
Description
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Overview
- CVE ID: CVE-2022-4378
- Assigner: secalert@redhat.com
- Vulnerability Status: Modified
- Published Version: 2023-01-05T16:15:11
- Last Modified Date: 2023-03-08T18:15:11
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 1 | OR | 4.9.0 | 4.9.337 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 1 | OR | 4.14.0 | 4.14.302 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 1 | OR | 4.19.0 | 4.19.269 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 1 | OR | 5.4.0 | 5.4.228 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 1 | OR | 5.10.0 | 5.10.162 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 1 | OR | 5.15.0 | 5.15.86 |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 1 | OR | 6.0.0 | 6.0.11 |
References
Reference URL | Reference Tags |
---|---|
http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html | |
https://bugzilla.redhat.com/show_bug.cgi?id=2152548 | Issue Tracking Third Party Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch | Vendor Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch | Vendor Advisory |
https://seclists.org/oss-sec/2022/q4/178 | Mailing List Third Party Advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-4378 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4378 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-01-05 16:20:36 | | | | Added to TrackCVE |
2023-01-05 16:20:37 | | | Weakness Enumeration | new |
2023-01-10 15:16:58 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
2023-01-12 05:16:00 | | 2023-01-11T20:47:29 | CVE Modified Date | updated |
2023-01-12 05:16:00 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
2023-01-12 05:16:02 | | | Weakness Enumeration | update |
2023-01-12 05:16:04 | | | CPE Information | updated |
2023-03-08 19:18:41 | | 2023-03-08T18:15:11 | CVE Modified Date | updated |
2023-03-08 19:18:41 | Analyzed | Modified | Vulnerability Status | updated |
2023-03-08 19:18:42 | | | References | updated |