Severity
6.7 MEDIUM (NVD)
CNA 6.9 | OSV 5.9 | OSV 5.5
EPSS
0.0%
top 99.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 12
Latest update: Jun 15

Description

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and per

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (4 packages)

NVD | linux/linux_kernel | < 5.19
CVEListV5 | linux_kernel/linux_kernel | unspecified | 4caae58406f8ceb741603eee460d79bacca9b1b5
Debian | linux/linux_kernel | < 5.10.120-1 | +3
Ubuntu | linux/linux_kernel | < 5.4.0-126.142 | +2

Patches

Vulnerability Details (16)

OSV | linux, linux-kvm, linux-lts-xenial vulnerabilities | 2023-04-12
OSV | linux-aws vulnerabilities | 2023-04-06
OSV | linux-gcp-5.4 vulnerabilities | 2022-10-06
OSV | linux-gke vulnerabilities | 2022-10-04
OSV | linux-gcp vulnerabilities | 2022-09-28

Vendor Advisories (17)

CISA ICS | Siemens SIMATIC S7-1500 TM MFP Linux Kernel | 2023-06-15
Ubuntu | Linux kernel (AWS) vulnerabilities | 2023-04-12
Ubuntu | Linux kernel vulnerabilities | 2023-04-12
Ubuntu | Linux kernel (AWS) vulnerabilities | 2023-04-06
Ubuntu | Linux kernel (GCP) vulnerabilities | 2022-10-06