Vulnerability DatabaseCVE-2022-1158
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2022-1158
August 05, 2022
A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.
Related ResourcesĀ (6)
https://www.openwall.com/lists/oss-security/2022/04/08/4
https://bugzilla.redhat.com/show_bug.cgi?id=2069793
https://security.netapp.com/advisory/ntap-20230214-0003/
https://security-tracker.debian.org/tracker/CVE-2022-1158
https://access.redhat.com/security/cve/CVE-2022-1158
https://people.canonical.com/~ubuntu-security/cve/CVE-2022-1158
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.5
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Use After Free
CWE-416
EPSS
Base Score:
0.02