Linux Kernel code execution | CVE-2022-28390
NAME
Linux Kernel code execution
- Platforms Affected:
Linux Kernel 5.16
Linux Kernel 5.17 - Risk Level:
8.4 - Exploitability:
Unproven - Consequences:
Gain Access
DESCRIPTION
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a double-free flaw in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Local
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Linux Kernel GIT Repository for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://www.kernel.org/ - Reference Link:
https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.