Vulnerabilities > CVE-2022-21499 - Out-of-bounds Write vulnerability in multiple products

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

oracle

debian

CWE-787

NVD

Published: 2022-06-09

Updated: 2022-06-17

Summary

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).

Vulnerable Configurations

Part	Description	Count
OS	Oracle Oracle Linux 6 Oracle Linux 7 Oracle Linux 8	3
OS	Debian Debian Debian Linux 11.0	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://git.kernel.org/linus/eadb2f47a3ced5c64b23b90fd2a3463f63726066
https://www.debian.org/security/2022/dsa-5161