Home > Vulnerability Database > CVE-2022-0264

Mend.io Vulnerability Database

CVE-2022-0264

Good to know:

Date: February 4, 2022

A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6

Language: C

Severity Score

5.5

Related Resources (7)

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-0264

Url: https://github.com/gregkh/linux/commit/7d3baf0afa3aa9102d6a521a8e4c41888bb79882

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2041547

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-0264

Url: https://access.redhat.com/security/cve/CVE-2022-0264

Url: https://security-tracker.debian.org/tracker/CVE-2022-0264

Url: https://www.mend.io/vulnerability-database/CVE-2022-0264

Severity Score

5.5

Weakness Type (CWE)

Improper Handling of Exceptional Conditions

CWE-755

Top Fix

Upgrade Version

Upgrade to version v5.15.11,v5.16-rc6

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-0264

Good to know:

Date: February 4, 2022

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?