Published: 16/02/2022 Updated: 09/11/2023

CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 392

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

In the Linux kernel up to and including 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
netapp h300s_firmware -
netapp h500s_firmware -
netapp h700s_firmware -
netapp h300e_firmware -
netapp h500e_firmware -
netapp h700e_firmware -
netapp h410s_firmware -
netapp baseboard_management_controller_firmware -

Synopsis Moderate: Logging Subsystem 572 - Red Hat OpenShift security update Type/Severity Security Advisory: Moderate Topic Logging Subsystem 572 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...

Synopsis Critical: Red Hat Advanced Cluster Management 266 security fixes and container updates Type/Severity Security Advisory: Critical Topic Red Hat Advanced Cluster Management for Kubernetes 266 GeneralAvailability release images, which fix security issues and update container imagesRed Hat Product Security has rated this update as h ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Securit ...

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated ...

Synopsis Critical: Red Hat Advanced Cluster Management 259 security fixes and container updates Type/Severity Security Advisory: Critical Topic Red Hat Advanced Cluster Management for Kubernetes 259 GeneralAvailability release images, which fix security issues and update container imagesRed Hat Product Security has rated this update as h ...

In the Linux kernel through 51610, certain binary files may have the exec-all attribute if they were built in approximately 2003 (eg, with GCC 322 and Linux kernel 2420) This can cause execution of bytes located in supposedly non-executable regions of a file ...

Bypassing Linux Executable Space Protection using 20+ years old tools (CVE-2022-25265).

Executable Space Protection Bypass (CVE-2022-25265) This POC demonstrates execution of bytes located in supposedly non-executable region of binary, therefore completely bypassing executable-space protection The root cause of this can be found here: githubcom/torvalds/linux/blob/master/arch/x86/include/asm/elfh#L280 Brief As it turns out, binary files built on either

CWE-913 https://github.com/torvalds/linux/blob/1c33bb0507508af24fd754dd7123bd8e997fab2f/arch/x86/include/asm/elf.h#L281-L294 https://github.com/x0reaxeax/exec-prot-bypass https://security.netapp.com/advisory/ntap-20220318-0005/https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2023:3495 https://github.com/x0reaxeax/exec-prot-bypass

CVE-2022-25265

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect