CVE-2022-38014Race Condition in Microsoft Windows Subsystem FOR Linux

CWE-362Race Condition3 documents3 sources
Severity
7.0HIGHNVD
EPSS
0.3%
top 46.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft Azure EflowMicrosoft Windows Subsystem FOR LinuxMsrc Azure Eflow+1 more
Timeline
PublishedNov 9
Latest updateNov 10

Description

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

CVEListV5microsoft/windows_subsystem_for_linux5.0.0.05.15.62.1
CVEListV5microsoft/azure_eflow1.4.0.01.4.2.12122 LTS

🔴Vulnerability Details

1
GHSA
GHSA-m4gv-frxm-mf27: Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability2022-11-10

📋Vendor Advisories

1
Microsoft
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability2022-11-08