KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html | Third Party Advisory VDB Entry |
https://git.kernel.org/linus/eadb2f47a3ced5c64b23b90fd2a3463f63726066 | Mailing List Patch Vendor Advisory |
https://www.debian.org/security/2022/dsa-5161 | Third Party Advisory |
Configurations
History
08 Sep 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 6.7 |
30 Aug 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 6.5 |
17 Jun 2022, 14:55
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 6.7 |
References | (MISC) https://git.kernel.org/linus/eadb2f47a3ced5c64b23b90fd2a3463f63726066 - Mailing List, Patch, Vendor Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5161 - Third Party Advisory | |
CWE | CWE-787 | |
CPE | cpe:2.3:o:oracle:linux:8:-:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:* cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:* |
13 Jun 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Jun 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-09 21:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-21499
Mitre link : CVE-2022-21499
CVE.ORG link : CVE-2022-21499
JSON object : View
Products Affected
debian
- debian_linux
oracle
- linux
CWE
CWE-787
Out-of-bounds Write