CVE-2022-1729

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

Published: Sep 1, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-1729
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	4.10	4.14.281
linux / linux_kernel	4.15	4.19.245
linux / linux_kernel	4.20	5.4.196
linux / linux_kernel	5.11	5.15.42
linux / linux_kernel	5.16	5.17.10
linux / linux_kernel	5.5.0	5.10.118
linux / linux_kernel	4.0.0	4.9.316
linux / linux_kernel	3.18.54	3.19
linux / linux_kernel	3.16.40	3.17
linux / linux_kernel	3.2.85	3.3
netapp / hci_baseboard_management_controller	h300s	h300s.x
netapp / hci_baseboard_management_controller	h500s	h500s.x
netapp / hci_baseboard_management_controller	h700s	h700s.x
netapp / hci_baseboard_management_controller	h410s	h410s.x

Vulnerability Database

289,689

CVE-2022-1729