CVE-2022-0854

Published Mar 23, 2022

Last updated 3 months ago

CVSS medium 5.5

Overview

Description: A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

secalert@redhat.com: CWE-200
nvd@nist.gov: CWE-401

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "192D8BB7-2231-48C2-8534-05844F7BF470",
            "versionEndIncluding": "5.16"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A59F7FD3-F505-48BD-8875-F07A33F42F6C"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BED18363-5ABC-4639-8BBA-68E771E5BB3F"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F635F96-FA0A-4769-ADE8-232B3AC9116D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References