CVE-2022-1729 — Race Condition within a Thread in Kernel

CWE-366 — Race Condition within a Thread CWE-362 — Race Condition18 documents6 sources

Severity

7.0HIGHNVD

EPSS

0.1%

top 80.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Netapp HCI Baseboard Management Controller

Timeline

PublishedSep 1

Latest updateOct 6

Description

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel3.2.85 — 3.3+9

▶Debianlinux/linux_kernel< 5.10.120-1+3

▶CVEListV5linux/linux_kernellinux kernel 5.18 rc9

▶NVDnetapp/hci_baseboard_management_controller4 versions+3

Patches

Patch: git.kernel.org ↗Patch: security.netapp.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

OSV

CVE-2022-1729: A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges↗2022-09-01

▶

CVEList

CVE-2022-1729: A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges↗2022-09-01

▶

📋Vendor Advisories

Ubuntu

Linux kernel (GCP) vulnerabilities↗2022-10-06

▶

Ubuntu

Linux kernel (GKE) vulnerabilities↗2022-10-04

▶

Ubuntu

Linux kernel vulnerabilities↗2022-09-30

▶

Ubuntu

Linux kernel (Azure CVM) vulnerabilities↗2022-09-26

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2022-09-22

▶