CVE-2022-40673
HIGH
KDiskMark < 3.1.0 - Unauthenticated Missing Authorization via D-Bus Helper Methods
KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache.
References (5)
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/JonMagon/KDiskMark/releases/tag/3.1.0
Patch, Third Party Advisory x_refsource_misc
https://github.com/JonMagon/KDiskMark/commit/3c90083a4f5ba3f240a797e509d818221542bbdc
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/JonMagon/KDiskMark/compare/3.0.0...3.1.0
Exploit, Issue Tracking, Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/09/14/1
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YYO3GWTNPHNCLHSI562Q3KX43PW7FQ4Q/
Scores
CVSS v3
7.8
EPSS
0.0008
EPSS Percentile
22.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (2)
fedoraproject/fedora
36
kdiskmark_project/kdiskmark
< 3.1.0
Published
Sep 14, 2022
Tracked Since
Feb 18, 2026