Linux Kernel eBPF local privilege escalation (CVE-2022-23222) vulnerability
by CIRT Team
Description:
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Impact: A local attacker may exploit this issue to gain elevated root privileges on the affected system.
Mitigation: Updates are available. Please check the specific vendor advisory for more information.
Reference URLs:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222
https://nvd.nist.gov/vuln/detail/CVE-2022-23222
https://ubuntu.com/security/CVE-2022-23222
https://access.redhat.com/security/cve/cve-2022-23222
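A host triage check for the affected range stated in the description, added here as an example; it is not part of the original advisory or any vendor tooling. It assumes the standard `kernel.unprivileged_bpf_disabled` sysctl (not mentioned in the advisory) as the indicator of whether low-privileged users can load eBPF programs, and the verdict strings are made up for this example. Distribution kernels backport fixes, so an in-range verdict means "check the vendor advisory", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example: CVE-2022-23222 exposure triage (not vendor tooling).

# Exit 0 if the upstream part of a kernel release string is <= 5.15.14,
# the bound given in the advisory. The advisory states no lower bound,
# so none is applied here.
in_affected_range() {
    ver=${1%%[-+]*}                 # 5.15.0-91-generic -> 5.15.0
    old_ifs=$IFS; IFS=.
    set -- $ver                     # split into major minor patch
    IFS=$old_ifs
    major=${1%%[!0-9]*}; minor=${2%%[!0-9]*}; patch=${3%%[!0-9]*}
    major=${major:-0}; minor=${minor:-0}; patch=${patch:-0}
    [ "$major" -lt 5 ] && return 0
    [ "$major" -gt 5 ] && return 1
    [ "$minor" -lt 15 ] && return 0
    [ "$minor" -gt 15 ] && return 1
    [ "$patch" -le 14 ]
}

# triage RELEASE SYSCTL_VALUE -> prints one verdict word (hypothetical names).
# SYSCTL_VALUE is the content of /proc/sys/kernel/unprivileged_bpf_disabled:
#   0      unprivileged bpf() is allowed
#   1 or 2 bpf() is restricted to privileged users
#   other  file missing or unreadable, setting unknown
triage() {
    if [ -z "$1" ]; then echo unknown; return 0; fi
    if ! in_affected_range "$1"; then echo not-in-range; return 0; fi
    case $2 in
        0)   echo in-range-unprivileged-bpf-allowed ;;
        1|2) echo in-range-unprivileged-bpf-restricted ;;
        *)   echo in-range-bpf-setting-unknown ;;
    esac
}

# Check the local host.
triage "$(uname -r)" "$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null)"
```
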