CVE-2022-24122

Published: 29/01/2022 Updated: 28/12/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

kernel/ucount.c in the Linux kernel 5.14 up to and including 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.

Vulnerable Product

linux linux kernel

netapp h410c_firmware -

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h300e_firmware -

netapp h500e_firmware -

netapp h700e_firmware -

netapp h410s_firmware -

fedoraproject fedora 34

fedoraproject fedora 35

Vendor Advisories

Several security issues were fixed in the Linux kernel ...
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace ...

Github Repositories

CVE-2022-24122 Proof of Concept

CVE-2022-24122: Simple Denial of Service using CVE-2022-24122. It works with 1 core system and it has ~80% probability of success with 2 cores.