PT-2021-7276 · Linux+4 · Linux Kernel+4

Guilherme De Almeida Suckevicz

·

Published

2021-12-14

·

Updated

2023-08-14

·

CVE-2022-0264

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to v5.16-rc6
Description A flaw in the Linux kernel's eBPF verifier allows internal memory locations to be returned to userspace when handling internal data structures. This can be exploited by a local attacker with permissions to insert eBPF code into the kernel, potentially leaking internal kernel memory details and defeating some kernel exploit mitigations.
Recommendations For Linux kernel versions prior to v5.16-rc6, update to version v5.16-rc6 or later to resolve the issue. As a temporary workaround, consider restricting the insertion of eBPF code to the kernel to minimize the risk of exploitation.

Fix

Information Disclosure

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-755

Related Identifiers

ALT-PU-2022-1175
ALT-PU-2022-1307
ALT-PU-2022-1647
ALT-PU-2022-2155
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-8497
BDU:2022-05010
CVE-2022-0264
OPENSUSE-SU-2022_2520-1
OPENSUSE-SU-2022_2615-1
SUSE-SU-2022:2520-1
SUSE-SU-2022:2615-1
USN-5278-1
USN-5337-1
USN-5368-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Suse
Ubuntu