1. Home
  2. Vulnerabilities
  3. CVE-2022-0264

CVE-2022-0264

CVSS v3.1 5.5 (Medium)
55% Progress
CVSS v2.0 2.1 (Low)
21% Progress
EPSS 0.04 % (5th)
0.04% Progress
Affected Products 1
Advisories 6
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6

Weaknesses
CWE-755
Improper Handling of Exceptional Conditions
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2022-02-04 23:15:12
(2 years ago)
Updated Date
2022-11-16 13:46:47
(22 months ago)

Affected Products

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel prior 5.16 version cpe:2.3:o:linux:linux_kernel < 5.16
  Linux Kernel 5.16 cpe:2.3:o:linux:linux_kernel:5.16:-
  Linux Kernel 5.16 Rc1 cpe:2.3:o:linux:linux_kernel:5.16:rc1
  Linux Kernel 5.16 Rc2 cpe:2.3:o:linux:linux_kernel:5.16:rc2
  Linux Kernel 5.16 Rc3 cpe:2.3:o:linux:linux_kernel:5.16:rc3
  Linux Kernel 5.16 Rc4 cpe:2.3:o:linux:linux_kernel:5.16:rc4
  Linux Kernel 5.16 Rc5 cpe:2.3:o:linux:linux_kernel:5.16:rc5