CVE-2022-1729

HIGH7.0

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges

Published Sep 1, 2022

Modified 1 years ago

No fix available

Details

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

References

WEBhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ac6487e584a1eb54071dbe1212e05b884136704 WEBhttps://security.netapp.com/advisory/ntap-20230214-0006/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2022-1729 WEBhttps://www.openwall.com/lists/oss-security/2022/05/20/2

CVSS Analysis

CVSS v3.1

7.0

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

Other

CWE-366

Ecosystems

Timeline

PublishedSep 1, 2022

ModifiedAug 3, 2024