CVE-2022-0995

high-risk

Published 2022-03-25

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.

Do I need to act?

15.2% chance of exploitation in next 30 days

EPSS score — higher than 85% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Linux Kernel

Fedora

H300E Firmware

H300S Firmware

H410C Firmware

H410S Firmware

H500E Firmware

H500S Firmware

H610C Firmware

H610S Firmware

H615C Firmware

H700E Firmware

H700S Firmware

Affected Vendors

Linux Fedoraproject Netapp

References (10)

Exploit http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Boun...

Exploit http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2063786

Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93...

Third Party Advisory https://security.netapp.com/advisory/ntap-20220429-0001/

Exploit http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Boun...

Exploit http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2063786

Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93...

Third Party Advisory https://security.netapp.com/advisory/ntap-20220429-0001/

/ 100

high-risk

Severity 24/34 · High

Exploitability 13/34 · Low

Exposure 20/34 · Moderate