CVE-2022-0264 — Improper Handling of Exceptional Conditions in Kernel
Severity
5.5MEDIUMNVD
OSV6.5OSV4.7
EPSS
0.1%
top 75.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedFeb 4
Latest updateApr 6
Description
A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6
Affected Packages6 packages
Patches
🔴Vulnerability Details
5OSV▶
linux, linux-aws, linux-aws-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-raspi vulnerabilities↗2022-03-22
GHSA▶
GHSA-9588-jwm4-r4w8: A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures↗2022-02-11
OSV▶
CVE-2022-0264: A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures↗2022-02-04
📋Vendor Advisories
6Microsoft▶
A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to↗2022-02-08
Debian▶
CVE-2022-0264: linux - A vulnerability was found in the Linux kernel's eBPF verifier when handling inte...↗2022