Linux Kernel code execution | CVE-2022-28390

April 6, 2022

NAME

Linux Kernel code execution

  • Platforms Affected:
    Linux Kernel 5.16
    Linux Kernel 5.17
  • Risk Level:
    8.4
  • Exploitability:
    Unproven
  • Consequences:
    Gain Access

DESCRIPTION

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a double-free flaw in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVSS 3.0 Information

  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Access Vector: Local
  • Access Complexity: Low
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
  • Remediation Level: Official Fix

MITIGATION

Refer to Linux Kernel GIT Repository for patch, upgrade or suggested workaround information. See References.

  • Reference Link:
    https://www.kernel.org/
  • Reference Link:
    https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

Cobalt Strike

Cobalt Strike Beacon Detected – 111[.]229[.]148[.]68:1443

November 5, 2024
Cobalt Strike

Cobalt Strike Beacon Detected – 47[.]94[.]168[.]145:9999

November 5, 2024
Cobalt Strike

Cobalt Strike Beacon Detected – 167[.]71[.]207[.]129:8080

November 5, 2024
Cobalt Strike

Cobalt Strike Beacon Detected – 101[.]91[.]125[.]228:443

November 5, 2024
image

[RHYSIDA] – Ransomware Victim: Fylde Coast Academy Trust

November 5, 2024