CVE-2022-1729

Published Sep 1, 2022

Last updated a year ago

CVSS high 7.0

Overview

Description: A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7
Impact score: 5.9
Exploitability score: 1
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-362
secalert@redhat.com: CWE-366

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27D80EB8-EA85-4256-A8F6-CDFA2F92AE24",
            "versionEndExcluding": "3.3",
            "versionStartIncluding": "3.2.85"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF2842FE-71A6-4182-B132-2372CFC813B1",
            "versionEndExcluding": "3.17",
            "versionStartIncluding": "3.16.40"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B97594C8-AC35-4DF4-82DF-5BF2BCAAA0CE",
            "versionEndExcluding": "3.19",
            "versionStartIncluding": "3.18.54"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E7CEE4C-AE63-4AF4-BE72-1CED351886A3",
            "versionEndExcluding": "4.9.316",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBB1A3B4-E46A-4454-A428-85CC0AC925F6",
            "versionEndExcluding": "4.14.281",
            "versionStartIncluding": "4.10"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "239757EB-B2DF-4DD4-8EEE-97141186DA12",
            "versionEndExcluding": "4.19.245",
            "versionStartIncluding": "4.15"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87FC1554-2185-4ED6-BF1C-293AA14FFC32",
            "versionEndExcluding": "5.4.196",
            "versionStartIncluding": "4.20"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0938CFCC-E5F1-4DA3-B727-F2215F6C6BBA",
            "versionEndExcluding": "5.10.118",
            "versionStartIncluding": "5.5.0"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "555641B6-5319-4C13-9CC9-50B1CCF9E816",
            "versionEndExcluding": "5.15.42",
            "versionStartIncluding": "5.11"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D0772F5-6B38-4D6C-B29E-A04E7CC5CB9F",
            "versionEndExcluding": "5.17.10",
            "versionStartIncluding": "5.16"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27227B35-932A-4035-B39F-6A455753C0D6"
          },
          {
            "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4AD592C-222D-4C6F-B176-8145A1A5AFEC"
          },
          {
            "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8603654B-A8A9-4DEB-B0DD-C82E1C885749"
          },
          {
            "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C855C933-F271-45E6-8E85-8D7CF2EF1BE6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References