CVE-2022-4378

CVSS v3.1 7.8 (High)
EPSS 0.04 % (5th)
Affected Products 1
Advisories 86

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Weaknesses
CWE-131: Incorrect Calculation of Buffer Size
CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2023-01-05 16:15:11 (20 months ago)
Updated Date: 2023-11-07 03:57:42 (10 months ago)

Affected Products


Configuration #1

    Product                               CPE23                         From       Up To
    Linux Kernel 4.9.0 through 4.9.337    cpe:2.3:o:linux:linux_kernel  >= 4.9.0   <= 4.9.337
    Linux Kernel 4.14.0 through 4.14.302  cpe:2.3:o:linux:linux_kernel  >= 4.14.0  <= 4.14.302
    Linux Kernel 4.19.0 through 4.19.269  cpe:2.3:o:linux:linux_kernel  >= 4.19.0  <= 4.19.269
    Linux Kernel 5.4.0 through 5.4.228    cpe:2.3:o:linux:linux_kernel  >= 5.4.0   <= 5.4.228
    Linux Kernel 5.10.0 through 5.10.162  cpe:2.3:o:linux:linux_kernel  >= 5.10.0  <= 5.10.162
    Linux Kernel 5.15.0 through 5.15.86   cpe:2.3:o:linux:linux_kernel  >= 5.15.0  <= 5.15.86
    Linux Kernel 6.0.0 through 6.0.11     cpe:2.3:o:linux:linux_kernel  >= 6.0.0   <= 6.0.11