CVE Vulnerability

CVE-2022-3170

An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the 'id->name' provided by the user did not end with ''. A privileged local user could pass a specially crafted name through ioctl() interface and crash the system or potentially escalate their privileges on the system.

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/torvalds/linux/commit/6ab55ec0a938c7f943a4edba3d6514f775983887 Patch Third Party Advisory
https://github.com/torvalds/linux/commit/5934d9a0383619c14df91af8fd76261dc3de2f5f Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*
Information

Published : 2022-09-13 04:15

Updated : 2022-12-08 10:06

NVD link : CVE-2022-3170

Mitre link : CVE-2022-3170

Products Affected
No products.
CWE
CWE-125

Out-of-bounds Read