CVE-2022-21505 - OpenCVE

An authentication bypass flaw was found in the Linux kernel’s IMA policy when a user performs lockdown. This flaw allows a local user to crash or potentially escalate their privileges on the system.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-284.11.1.el9_2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:2458	2023-05-09T00:00:00Z
kernel-rt-0:5.14.0-284.11.1.rt14.296.el9_2	cpe:/a:redhat:enterprise_linux:9::nfv	RHSA-2023:2148	2023-05-09T00:00:00Z
kernel-0:5.14.0-284.11.1.el9_2	cpe:/o:redhat:enterprise_linux:9	RHSA-2023:2458	2023-05-09T00:00:00Z

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2022-21505
https://www.cve.org/CVERecord?id=CVE-2022-21505

History

No history.

MITRE

No data.

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Moderate

Publid Date: 2022-07-19T00:00:00Z

Links: CVE-2022-21505 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object