- 180/2022
- High
Linux kernel has released security updates to address multiple vulnerabilities. The remote attacker could exploit some of these vulnerabilities to take control of the affected system.
The addressed vulnerabilities could allow the remote attacker to take control of the affected system, disclose information, gain write access to read-only memory mappings, increase their privileges on the system, and elevate privileges to root on the affected system.
Sample of the addressed vulnerabilities:
- Linux Kernel Privilege Escalation (CVE-2022-2586):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
- Linux Kernel Security Bypass (CVE-2022-2590):
- CVSS: 7.0
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Consequences: Bypass Security
Vulnerabilities
- CVE-2022-2586
- CVE-2022-2588
- CVE-2022-2585
- CVE-2021-46778
- CVE-2022-21233
- CVE-2022-2590
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.