CVE-2022-0500

HIGH

Linux Kernel 5.10-5.15.37 - Out-of-Bounds Memory Write via BPF_BTF_LOAD

Title source: llm
STIX 2.1

Description

A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.

References (9)

Core 9
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2044578
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220519-0001/

Scores

CVSS v3 7.8
EPSS 0.0003
EPSS Percentile 9.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119 CWE-787
Status published
Products (11)
fedoraproject/fedora 34
fedoraproject/fedora 35
linux/linux_kernel 5.10 - 5.15.37
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500e_firmware
netapp/h500s_firmware
netapp/h700e_firmware
... and 1 more
Published Mar 25, 2022
Tracked Since Feb 18, 2026