Versio.io

CVE-2022-2785

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 23-09-2022 01:15
Last modified: - 23-01-2023 07:44
Total changes: - 8

Description

There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Low
Attack complexity
Local
Attack vector
None
Availability
High
Confidentiality
None
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
5.5
Base score
1.8
3.6
Exploitability score
Impact score
 

Verification logic

 

Reference

  • N/A-Patch, Vendor Advisory
  • N/A-Vendor Advisory
 


Keywords

NVD

 

CVE-2022-2785

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.