CVE-2022-2590

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system.

CVSS v3 7.0 HIGH

7.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://lore.kernel.org/linux-mm/20220808073232.8808-1-david%40redhat.com/	Vendor Advisory
https://www.openwall.com/lists/oss-security/2022/08/08/1	Mailing List Third Party Advisory
https://lore.kernel.org/linux-mm/20220808073232.8808-1-david%40redhat.com/	Vendor Advisory
https://www.openwall.com/lists/oss-security/2022/08/08/1	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:01

Type	Values Removed	Values Added
References	~~() https://lore.kernel.org/linux-mm/20220808073232.8808-1-david%40redhat.com/ - Vendor Advisory~~	() https://lore.kernel.org/linux-mm/20220808073232.8808-1-david%40redhat.com/ - Vendor Advisory
References	~~() https://www.openwall.com/lists/oss-security/2022/08/08/1 - Mailing List, Third Party Advisory~~	() https://www.openwall.com/lists/oss-security/2022/08/08/1 - Mailing List, Third Party Advisory

26 May 2023, 19:42

Type	Values Removed	Values Added
References	~~(MISC) https://lore.kernel.org/linux-mm/20220808073232.8808-1-david%40redhat.com/ -~~	(MISC) https://lore.kernel.org/linux-mm/20220808073232.8808-1-david%40redhat.com/ - Vendor Advisory

Information

Published : 2022-08-31 16:15

Updated : 2024-11-21 07:01

NVD link : CVE-2022-2590

Mitre link : CVE-2022-2590

CVE.ORG link : CVE-2022-2590

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2022-2590", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2022-08-31T16:15:11.227", "references": [{"url": "https://lore.kernel.org/linux-mm/20220808073232.8808-1-david%40redhat.com/", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.openwall.com/lists/oss-security/2022/08/08/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lore.kernel.org/linux-mm/20220808073232.8808-1-david%40redhat.com/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.openwall.com/lists/oss-security/2022/08/08/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-362"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system."}, {"lang": "es", "value": "Se encontr\u00f3 una condici\u00f3n de carrera en la forma en que el subsistema de memoria del kernel de Linux manejaba la ruptura de copia en escritura (COW) de las asignaciones de memoria compartida privada de s\u00f3lo lectura. Este fallo permite a un usuario local no privilegiado conseguir acceso de escritura a las asignaciones de memoria de s\u00f3lo lectura, aumentando sus privilegios en el sistema"}], "lastModified": "2024-11-21T07:01:18.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89E99903-E16D-475D-954B-2BAC46C98262", "versionEndExcluding": "5.19.6", "versionStartIncluding": "5.16"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}