Managed SOC Vs Managed XDR — Part 1
April 8, 2022Rewterz Threat Advisory – Multiple IBM Vulnerabilities
April 11, 2022Managed SOC Vs Managed XDR — Part 1
April 8, 2022Rewterz Threat Advisory – Multiple IBM Vulnerabilities
April 11, 2022Severity
Medium
Analysis Summary
CVE-2022-1263 CVSS:5.1
Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the kvm_dirty_ring_push function in virt/kvm/dirty_ring.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-1158 CVSS:7
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an issue with allowing cmpxchg_gpte function to write to pfns outside the userspace region. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.
Impact
- Denial of Service
- Privilege Escalation
Indicator Of Compromise
CVE
- CVE-2022-1263
- CVE-2022-1158
Affected Vendors
Linux
Affected Products
- Linux Kernel 5.2
- Linux Kernel 5.3
- Linux Kernel 5.4
- Linux Kernel 5.5
- Linux Kernel
Remediation
Refer to Linux Kernel GIT Repository for patch, upgrade, or suggested workaround information.