CVE-2022-2905

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

21 Nov 2022, 19:44

Type Values Removed Values Added
First Time Debian
Debian debian Linux
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html - Mailing List, Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

01 Nov 2022, 23:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html -

15 Sep 2022, 21:13

Type Values Removed Values Added
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2121800 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2121800 - Exploit, Issue Tracking, Patch, Third Party Advisory
References (MISC) https://lore.kernel.org/bpf/984b37f9fdf7ac36831d2137415a4a915744c1b6.1661462653.git.daniel@iogearbox.net/ - (MISC) https://lore.kernel.org/bpf/984b37f9fdf7ac36831d2137415a4a915744c1b6.1661462653.git.daniel@iogearbox.net/ - Exploit, Mailing List, Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
First Time Linux linux Kernel
Redhat
Linux
Redhat enterprise Linux
CPE cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*
CWE CWE-125

09 Sep 2022, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-09 15:15

Updated : 2022-11-21 19:44


NVD link : CVE-2022-2905

Mitre link : CVE-2022-2905


JSON object : View

Products Affected

redhat

  • enterprise_linux

linux

  • linux_kernel

debian

  • debian_linux
CWE
CWE-125

Out-of-bounds Read