PT-2022-6553 · Linux+7 · Linux Kernel+7
Published
2022-05-31
·
Updated
2023-08-14
·
CVE-2022-2503
CVSS v3.1
6.9
Medium
| Vector | AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to the
verity ctr() function in the drivers/md/dm-verity-target.c module of the Linux kernel's device-mapper subsystem. It allows an attacker with administrator privileges to bypass the LoadPin subsystem's restrictions and load untrusted kernel modules or firmware by switching out the target with an equivalent dm-linear target. This can lead to arbitrary kernel execution and persistence for peripherals that do not verify firmware updates.Recommendations
We recommend upgrading past commit
4caae58406f8ceb741603eee460d79bacca9b1b5 to resolve the issue. As a temporary workaround, consider restricting the use of the dm-verity target to minimize the risk of exploitation. Additionally, restrict access to the dm-linear target to prevent bypassing the LoadPin subsystem's verification.Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu