CVE-2022-2991

CVSS v3.1 6.7 (Medium)
EPSS 0.05 % (20th)
Affected Products 1
Advisories 14

A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.

Weaknesses
CWE-122
Heap-based Buffer Overflow
CWE-787
Out-of-bounds Write
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2022-08-25 18:15:10
(2 years ago)
Updated Date
2022-08-30 20:31:58
(2 years ago)

Affected Products


Configuration #1

  | CPE23 | From | Up To
Linux Kernel prior 5.15 version | cpe:2.3:o:linux:linux_kernel | | < 5.15