Vulnerability in Oracle Solaris LDoms Affects Oracle Systems
CVE-2022-21610

3.3LOW

Key Information:

Vendor: Oracle
Status: Solaris Operating System
Vendor: CVE Published:; 18 October 2022

Summary

A vulnerability exists in the LDoms component of Oracle Solaris that allows a low-privileged attacker with logon access to the system to potentially compromise the integrity and availability of the operating environment. Exploitation of this vulnerability necessitates human interaction, meaning an outside actor cannot initiate the attack without involvement from an unsuspecting user. Successfully leveraging this vulnerability may lead to unauthorized read access to specific data sets and may cause partial denial of service, affecting the normal functioning of Oracle Solaris.

Affected Version(s)

Solaris Operating System 11

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Nov 15, 2021