CVE-2022-2959
low-risk
Published 2022-08-25
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.
Do I need to act?
-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.0/10
High
LOCAL
/ HIGH complexity
Affected Products (1)
Affected Vendors
References (6)
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230214-0005/
Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-1165/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230214-0005/
Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-1165/
23
/ 100
low-risk
Severity
18/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal