CVE-2022-2785 — Vulnetix

CVE-2022-2785 PUBLISHED CVSS 6.699999809265137 MEDIUM

There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c

EPSS 0.11% · 29.5th percentile

Risk Scores

CVSS v3.1

6.699999809265137

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.11%

29.5th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	0
Linux Kernel	Kernel	5.14, 5.18

Timeline

Sep 23, 2022 CVE Published
Sep 24, 2022 EPSS Score
Nov 8, 2022 EPSS Score
Dec 22, 2022 EPSS Score
Dec 30, 2022 EPSS Score
Feb 5, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 21, 2023 EPSS Score
May 5, 2023 EPSS Score
Jun 18, 2023 EPSS Score
Aug 2, 2023 EPSS Score
Sep 15, 2023 EPSS Score

References

https://git.kernel.org/bpf/bpf/c/86f44fcec22c url
https://lore.kernel.org/bpf/20220816205517.682470-1-zhuyifei%40google.com/T/#t url
https://nvd.nist.gov/vuln/detail/CVE-2022-2785 advisory
https://lore.kernel.org/bpf/20220816205517.682470-1-zhuyifei@google.com/T/#t url

Open in Interactive Console →