PT-2022-4133 · Linux+10 · Linux Kernel+10

Published

2022-05-24

·

Updated

2023-02-15

·

CVE-2022-21499

CVSS v2.0

6.8

Medium

VectorAV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the insecure management of privileges when loading the KGDB and KDB debugging tools in Linux kernel's Lockdown Mode. This could allow an attacker to bypass security restrictions. An attacker with access to a serial port could trigger the debugger, making it important for the debugger to respect the lockdown mode.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-267

Related Identifiers

ALSA-2022:7444
ALSA-2022:7683
ALSA-2022:7933
ALSA-2022:8267
ALT-PU-2022-2472
BDU:2022-04974
CESA-2022_7444
CESA-2022_7683
CVE-2022-21499
DSA-5161-1
LSN-0086-1
LSN-0089-1
MGASA-2022-0212
MGASA-2022-0213
OESA-2022-1727
OPENSUSE-SU-2022_2111-1
OPENSUSE-SU-2022_2520-1
OPENSUSE-SU-2022_2615-1
RHSA-2022:7444
RHSA-2022:7683
RHSA-2022:7933
RHSA-2022:8267
RHSA-2022_7444
RHSA-2022_7683
RHSA-2022_7933
RHSA-2022_8267
RHSA-2024:0724
RLSA-2022:7444
RLSA-2022:7683
SUSE-SU-2022:2077-1
SUSE-SU-2022:2080-1
SUSE-SU-2022:2082-1
SUSE-SU-2022:2103-1
SUSE-SU-2022:2111-1
SUSE-SU-2022:2116-1
SUSE-SU-2022:2393-1
SUSE-SU-2022:2438-1
SUSE-SU-2022:2444-1
SUSE-SU-2022:2446-1
SUSE-SU-2022:2461-1
SUSE-SU-2022:2482-1
SUSE-SU-2022:2520-1
SUSE-SU-2022:2615-1
SUSE-SU-2022:2629-1
SUSE-SU-2023:0416-1
USN-5465-1
USN-5466-1
USN-5467-1
USN-5468-1
USN-5469-1
USN-5470-1
USN-5471-1
USN-5484-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu