Vulnerability DatabaseCVE-2022-2153
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2022-2153
August 31, 2022
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
Related Resources (10)
https://github.com/torvalds/linux/commit/b1e34d325397a33d97d845e312d7cf2a8b646b44
https://github.com/torvalds/linux/commit/7ec37d1cbe17d8189d9562178d8b29167fe1c31a
https://security-tracker.debian.org/tracker/CVE-2022-2153
https://www.openwall.com/lists/oss-security/2022/06/22/1
https://github.com/torvalds/linux/commit/00b5f37189d24ac3ed46cb7f11742094778c46ce
https://access.redhat.com/security/cve/CVE-2022-2153
https://bugzilla.redhat.com/show_bug.cgi?id=2069736
https://people.canonical.com/~ubuntu-security/cve/CVE-2022-2153
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.8
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
NULL Pointer Dereference
CWE-476
EPSS
Base Score:
0.01