Kernel Debugger Vulnerability in Debian
CVE-2022-21499

6.7MEDIUM

Key Information:

Vendor

Oracle
Status
Oracle Linux
Oracle Vm
Vendor
CVE Published:
9 June 2022

What is CVE-2022-21499?

This vulnerability allows unauthorized read and write access to kernel memory through the KGDB and KDB interfaces. Attackers with access to the system's serial port can exploit this vulnerability by triggering the kernel debugger, which may not adhere to the lockdown restrictions. This poses a significant threat to the confidentiality, integrity, and availability of the system as it enables potential manipulation or exposure of sensitive kernel memory data.

Affected Version(s)

Oracle Linux Oracle Linux: 6

Oracle Linux Oracle Linux: 7

Oracle Linux Oracle Linux: 8

References

https://git.kernel.org/linus/eadb2f47a3ced5c64b23b90fd2a3...
x_refsource_MISC
https://www.debian.org/security/2022/dsa-5161
vendor-advisoryx_refsource_DEBIAN
http://packetstormsecurity.com/files/168191/Kernel-Live-P...
x_refsource_MISC

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.