CVE-2022-1353

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.

CVSS v3.0 7.1 HIGH
CVSS v2.0 3.6 LOW

7.1^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:P

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/torvalds/linux/commit/9a564bccb78a76740ea9d75a259942df8143d02c	Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2066819	Issue Tracking Patch Third Party Advisory
https://www.debian.org/security/2022/dsa-5127	Third Party Advisory
https://security.netapp.com/advisory/ntap-20220629-0001/	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html	Mailing List Third Party Advisory
https://www.debian.org/security/2022/dsa-5173	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc5::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc6::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc7::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc8::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 3 (hide)

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

History

09 Nov 2023, 14:44

Type	Values Removed	Values Added
First Time		Netapp h300e Firmware Netapp h700e Firmware Netapp h300e Netapp h410c Firmware Netapp h500s Netapp h410s Firmware Netapp h700s Firmware Netapp h500e Netapp h300s Netapp h410c Netapp h410s Netapp h700e Netapp h700s Netapp h500e Firmware Netapp h300s Firmware Netapp h500s Firmware
CPE	cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:::::::*	cpe:2.3:o:netapp:h700e_firmware:-:::::::* cpe:2.3:h:netapp:h300s:-:::::::* cpe:2.3:o:netapp:h500s_firmware:-:::::::* cpe:2.3:o:netapp:h700s_firmware:-:::::::* cpe:2.3:h:netapp:h410c:-:::::::* cpe:2.3:h:netapp:h700e:-:::::::* cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:o:netapp:h410c_firmware:-:::::::* cpe:2.3:h:netapp:h500e:-:::::::* cpe:2.3:o:netapp:h410s_firmware:-:::::::* cpe:2.3:o:netapp:h300s_firmware:-:::::::* cpe:2.3:h:netapp:h300e:-:::::::* cpe:2.3:o:netapp:h500e_firmware:-:::::::* cpe:2.3:o:netapp:h300e_firmware:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:h:netapp:h700s:-:::::::*

Information

Published : 2022-04-29 16:15

Updated : 2023-11-09 14:44

NVD link : CVE-2022-1353

Mitre link : CVE-2022-1353

JSON object : View

Products Affected

netapp

h300e_firmware
h300s
h410s_firmware
h500s
h410s
h700e
h700s
h300s_firmware
h300e
h410c_firmware
h410c
h500e_firmware
h500e
h700s_firmware
h500s_firmware
h700e_firmware

debian

debian_linux

linux

linux_kernel

redhat

enterprise_linux

CWE

NVD-CWE-noinfo

7.1 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.6 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2022-1353

7.1^/10

3.6^/10

Attach tags to `CVE-2022-1353`