CVE-2022-2959

CVSS v3.1 7 (High)

EPSS 0.04 % (17^th)

Affected Products 1

Advisories 16

A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.

Weaknesses

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-667: Improper Locking

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2022-08-25 18:15:10
(2 years ago)
Updated Date: 2023-05-26 19:42:24
(15 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 5.8 version and prior 5.10.120 version	cpe:2.3:o:linux:linux_kernel	>= 5.8	< 5.10.120
Linux Kernel from 5.11 version and prior 5.15.45 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.15.45
Linux Kernel from 5.16 version and prior 5.17.13 version	cpe:2.3:o:linux:linux_kernel	>= 5.16	< 5.17.13
Linux Kernel from 5.18 version and prior 5.18.2 version	cpe:2.3:o:linux:linux_kernel	>= 5.18	< 5.18.2