Vulnerability Description
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.2.85, < 3.3 |
| Netapp | Hci Baseboard Management Controller | h300s |
Related Weaknesses (CWE)
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3aMailing ListPatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20230214-0006/PatchThird Party Advisory
- https://www.openwall.com/lists/oss-security/2022/05/20/2Mailing ListPatchThird Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3aMailing ListPatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20230214-0006/PatchThird Party Advisory
- https://www.openwall.com/lists/oss-security/2022/05/20/2Mailing ListPatchThird Party Advisory
FAQ
What is CVE-2022-1729?
CVE-2022-1729 is a vulnerability with a CVSS score of 7.0 (HIGH). A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kern...
How severe is CVE-2022-1729?
CVE-2022-1729 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1729?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Hci Baseboard Management Controller.