CVE-2022-21499
published 2022-06-09


Medium, 6.7 (CVSS 3.1)
AV:L / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Affected

25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | linux | < linux 5.17.11-1 (bookworm) | linux 5.17.11-1 (bookworm) |
| linux | linux_kernel | >= 0 < 5.10.120-1 | 5.10.120-1 |
| linux | linux_kernel | >= 0 < 5.17.11-1 | 5.17.11-1 |
| linux | linux_kernel | >= 0 < 5.17.11-1 | 5.17.11-1 |
| linux | linux_kernel | >= 0 < 5.17.11-1 | 5.17.11-1 |
| linux | linux_kernel | >= 0 < 4.15.0-184.194 | 4.15.0-184.194 |
| linux | linux_kernel | >= 0 < 5.4.0-117.132 | 5.4.0-117.132 |
| linux | linux_kernel | >= 0 < 5.15.0-37.39 | 5.15.0-37.39 |
| linux | linux_kernel | >= 0 < 3.13.0-190.241 | 3.13.0-190.241 |
| linux | linux_kernel | >= 0 < 4.4.0-227.261 | 4.4.0-227.261 |
| linux | linux_kernel | >= 0 < 4.4.0-231.265 | 4.4.0-231.265 |
| linux | linux_kernel | >= 0 < 4.15.0-191.202 | 4.15.0-191.202 |
| linux | linux_kernel | >= 0 < 4.15.0-180.189 | 4.15.0-180.189 |
| linux | linux_kernel | >= 0 < 5.4.0-124.140 | 5.4.0-124.140 |
| linux | linux_kernel | >= 0 < 5.4.0-117.132 | 5.4.0-117.132 |
| linux | linux_kernel | >= 0 < 5.15.0-46.49 | 5.15.0-46.49 |
| linux | linux_kernel | >= 0 < 5.15.0-37.39 | 5.15.0-37.39 |
| oracle | linux | | |
| oracle | linux | | |
| oracle | linux | | |
| oracle_corporation | oracle_linux | | |
| oracle_corporation | oracle_linux | | |
| oracle_corporation | oracle_linux | | |
| oracle_corporation | oracle_vm | | |

CVSS provenance

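| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| osv | | 8.2 | HIGH | |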