CVE-2022-21499
Last modified
CVE-2022-21499 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. EPSS estimates a 0.62% chance of exploitation in the next 30 days.
Description
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Linux | 6 |
| Oracle | Linux | 7 |
| Oracle | Linux | 8 |
| Debian | Debian Linux | 11.0 |
References
- http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.htmlThird Party Advisory, VDB Entry
- https://git.kernel.org/linus/eadb2f47a3ced5c64b23b90fd2a3463f63726066Mailing List, Patch, Vendor Advisory
- https://www.debian.org/security/2022/dsa-5161Third Party Advisory
- http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.htmlThird Party Advisory, VDB Entry
- https://git.kernel.org/linus/eadb2f47a3ced5c64b23b90fd2a3463f63726066Mailing List, Patch, Vendor Advisory
- https://www.debian.org/security/2022/dsa-5161Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-21499?
How severe is CVE-2022-21499?
How do I fix CVE-2022-21499?
Are you affected by CVE-2022-21499?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST