{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-1729", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T00:16:58.917Z", "dateReserved": "2022-05-16T00:00:00", "datePublished": "2022-09-01T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-02-14T00:00:00"}, "descriptions": [{"lang": "en", "value": "A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc."}], "affected": [{"vendor": "n/a", "product": "linux kernel", "versions": [{"version": "linux kernel 5.18 rc9", "status": "affected"}]}], "references": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ac6487e584a1eb54071dbe1212e05b884136704"}, {"url": "https://www.openwall.com/lists/oss-security/2022/05/20/2"}, {"url": "https://security.netapp.com/advisory/ntap-20230214-0006/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-366", "cweId": "CWE-366"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:16:58.917Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ac6487e584a1eb54071dbe1212e05b884136704", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2022/05/20/2", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230214-0006/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "27D80EB8-EA85-4256-A8F6-CDFA2F92AE24", "versionEndExcluding": "3.3", "versionStartIncluding": "3.2.85", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF2842FE-71A6-4182-B132-2372CFC813B1", "versionEndExcluding": "3.17", "versionStartIncluding": "3.16.40", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B97594C8-AC35-4DF4-82DF-5BF2BCAAA0CE", "versionEndExcluding": "3.19", "versionStartIncluding": "3.18.54", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E7CEE4C-AE63-4AF4-BE72-1CED351886A3", "versionEndExcluding": "4.9.316", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBB1A3B4-E46A-4454-A428-85CC0AC925F6", "versionEndExcluding": "4.14.281", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "239757EB-B2DF-4DD4-8EEE-97141186DA12", "versionEndExcluding": "4.19.245", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "87FC1554-2185-4ED6-BF1C-293AA14FFC32", "versionEndExcluding": "5.4.196", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0938CFCC-E5F1-4DA3-B727-F2215F6C6BBA", "versionEndExcluding": "5.10.118", "versionStartIncluding": "5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "555641B6-5319-4C13-9CC9-50B1CCF9E816", "versionEndExcluding": "5.15.42", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D0772F5-6B38-4D6C-B29E-A04E7CC5CB9F", "versionEndExcluding": "5.17.10", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*", "matchCriteriaId": "27227B35-932A-4035-B39F-6A455753C0D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*", "matchCriteriaId": "A4AD592C-222D-4C6F-B176-8145A1A5AFEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*", "matchCriteriaId": "8603654B-A8A9-4DEB-B0DD-C82E1C885749", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*", "matchCriteriaId": "C855C933-F271-45E6-8E85-8D7CF2EF1BE6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc."}, {"lang": "es", "value": "Se ha encontrado una condici\u00f3n de carrera en el kernel de Linux en la funci\u00f3n perf_event_open() que puede ser explotada por un usuario no privilegiado para conseguir privilegios de root. El bug permite construir varias primitivas de explotaci\u00f3n como un filtrado de informaci\u00f3n de direcciones del kernel, una ejecuci\u00f3n arbitraria, etc"}], "id": "CVE-2022-1729", "lastModified": "2024-11-21T06:41:20.517", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-01T21:15:09.057", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ac6487e584a1eb54071dbe1212e05b884136704"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230214-0006/"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/05/20/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ac6487e584a1eb54071dbe1212e05b884136704"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230214-0006/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/05/20/2"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-366"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Norbert Slusarek for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:5236", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "impact": "important", "package": "kernel-rt-0:3.10.0-1160.71.1.rt56.1212.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5232", "cpe": "cpe:/o:redhat:enterprise_linux:7", "impact": "important", "package": "kernel-0:3.10.0-1160.71.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5806", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "kernel-0:3.10.0-514.104.1.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2022-08-02T00:00:00Z"}, {"advisory": "RHSA-2022:5157", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "kernel-0:3.10.0-693.103.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2022-06-22T00:00:00Z"}, {"advisory": "RHSA-2022:6432", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "kernel-0:3.10.0-957.97.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support", "release_date": "2022-09-13T00:00:00Z"}, {"advisory": "RHSA-2022:6432", "cpe": "cpe:/o:redhat:rhel_tus:7.6", "package": "kernel-0:3.10.0-957.97.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date": "2022-09-13T00:00:00Z"}, {"advisory": "RHSA-2022:6432", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "kernel-0:3.10.0-957.97.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2022-09-13T00:00:00Z"}, {"advisory": "RHSA-2022:6741", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "kernel-0:3.10.0-1062.70.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2022-09-28T00:00:00Z"}, {"advisory": "RHSA-2022:6741", "cpe": "cpe:/o:redhat:rhel_tus:7.7", "package": "kernel-0:3.10.0-1062.70.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Telco Extended Update Support", "release_date": "2022-09-28T00:00:00Z"}, {"advisory": "RHSA-2022:6741", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kernel-0:3.10.0-1062.70.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2022-09-28T00:00:00Z"}, {"advisory": "RHSA-2022:5565", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "impact": "important", "package": "kernel-rt-0:4.18.0-372.16.1.rt7.173.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-07-13T00:00:00Z"}, {"advisory": "RHSA-2022:5564", "cpe": "cpe:/o:redhat:enterprise_linux:8", "impact": "important", "package": "kernel-0:4.18.0-372.16.1.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-07-13T00:00:00Z"}, {"advisory": "RHSA-2022:5636", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kernel-0:4.18.0-147.70.1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-07-19T00:00:00Z"}, {"advisory": "RHSA-2022:5224", "cpe": "cpe:/a:redhat:rhel_eus:8.2::nfv", "package": "kernel-rt-0:4.18.0-193.87.1.rt13.137.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5220", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "kernel-0:4.18.0-193.87.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5633", "cpe": "cpe:/a:redhat:rhel_eus:8.4::nfv", "package": "kernel-rt-0:4.18.0-305.57.1.rt7.129.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-07-19T00:00:00Z"}, {"advisory": "RHSA-2022:5626", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "kernel-0:4.18.0-305.57.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-07-19T00:00:00Z"}, {"advisory": "RHSA-2022:5249", "cpe": "cpe:/a:redhat:enterprise_linux:9", "impact": "important", "package": "kernel-0:5.14.0-70.17.1.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-07-01T00:00:00Z"}, {"advisory": "RHSA-2022:5267", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "impact": "important", "package": "kernel-rt-0:5.14.0-70.17.1.rt21.89.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5249", "cpe": "cpe:/o:redhat:enterprise_linux:9", "impact": "important", "package": "kernel-0:5.14.0-70.17.1.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-07-01T00:00:00Z"}, {"advisory": "RHSA-2022:5564", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "kernel-0:4.18.0-372.16.1.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2022-07-13T00:00:00Z"}], "bugzilla": {"description": "kernel: race condition in perf_event_open leads to privilege escalation", "id": "2086753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086753"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-366", "details": ["A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.", "A use-after-free flaw was found in the Linux kernel\u2019s performance events functionality. A user triggers a race condition in setting up performance monitoring between the leading PERF_TYPE_TRACEPOINT and sub PERF_EVENT_HARDWARE plus the PERF_EVENT_SOFTWARE using the perf_event_open() function with these three types. This flaw allows a local user to crash the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-1729", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "impact": "moderate", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2022-05-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-1729\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1729"], "threat_severity": "Important", "upstream_fix": "kernel 5.18 rc9"}