PT-2022-25471 · Kdiskmark+1 · Kdiskmark+1
Matthias Gerstner
·
Published
2022-09-14
·
Updated
2023-03-23
·
CVE-2022-40673
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
KDiskMark versions prior to 3.1.0
Description
The issue is related to a lack of authorization checking for D-Bus methods, specifically methods such as
Helper::flushPageCache(). This lack of authorization could potentially allow unauthorized access or actions.Recommendations
For versions prior to 3.1.0, update to version 3.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the D-Bus methods, such as
Helper::flushPageCache(), until a patch is available.Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Kdiskmark