ID

VAR-202202-1707


CVE

CVE-2022-25265


TITLE

Linux kernel Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202202-1368

DESCRIPTION

In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.

Trust: 1.0

sources: NVD: CVE-2022-25265

AFFECTED PRODUCTS

vendor:netappmodel:baseboard management controllerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:baseboard management controller h410sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:baseboard management controller h300sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:baseboard management controller h300escope:eqversion: -

Trust: 1.0

vendor:netappmodel:baseboard management controller h700escope:eqversion: -

Trust: 1.0

vendor:netappmodel:baseboard management controller h500sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:baseboard management controller h700sscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:lteversion:5.16.10

Trust: 1.0

vendor:netappmodel:baseboard management controller h500escope:eqversion: -

Trust: 1.0

sources: NVD: CVE-2022-25265

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-25265
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202202-1368
value: HIGH

Trust: 0.6

NVD: CVE-2022-25265
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2022-25265
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202202-1368 // NVD: CVE-2022-25265

PROBLEMTYPE DATA

problemtype:CWE-913

Trust: 1.0

sources: NVD: CVE-2022-25265

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-1368

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-1368

CONFIGURATIONS

sources: NVD: CVE-2022-25265

PATCH

title:Linux kernel Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=183903

Trust: 0.6

sources: CNNVD: CNNVD-202202-1368

EXTERNAL IDS

db:NVDid:CVE-2022-25265

Trust: 1.6

db:CNNVDid:CNNVD-202202-1368

Trust: 0.6

sources: CNNVD: CNNVD-202202-1368 // NVD: CVE-2022-25265

REFERENCES

url:https://github.com/x0reaxeax/exec-prot-bypass

Trust: 1.6

url:https://github.com/torvalds/linux/blob/1c33bb0507508af24fd754dd7123bd8e997fab2f/arch/x86/include/asm/elf.h#l281-l294

Trust: 1.6

url:https://security.netapp.com/advisory/ntap-20220318-0005/

Trust: 1.6

url:https://access.redhat.com/security/cve/cve-2022-25265

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-25265

Trust: 0.6

sources: CNNVD: CNNVD-202202-1368 // NVD: CVE-2022-25265

SOURCES

db:CNNVDid:CNNVD-202202-1368
db:NVDid:CVE-2022-25265

LAST UPDATE DATE

2022-05-12T22:17:18.675000+00:00


SOURCES UPDATE DATE

db:CNNVDid:CNNVD-202202-1368date:2022-03-21T00:00:00
db:NVDid:CVE-2022-25265date:2022-05-11T14:08:00

SOURCES RELEASE DATE

db:CNNVDid:CNNVD-202202-1368date:2022-02-16T00:00:00
db:NVDid:CVE-2022-25265date:2022-02-16T21:15:00