CVE-2022-2977

Updated: 2023-11-04 20:33:26.991797

Description:

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Needs Triage 2024-02-06 08:31:15
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH In Testing 2024-02-06 02:56:12
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2022-11-29 16:03:41
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2023:1695715460 2023-09-26 05:16:45
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2023:1695716575 2023-09-26 05:16:46
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2022-11-29 16:03:41
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2022-11-29 16:03:41
Ubuntu 16.04 ELS linux 4.4.0 7.8 HIGH Not Vulnerable 2022-11-29 16:03:41
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.8 HIGH Released 2023-02-03 10:04:45
Ubuntu 18.04 ELS linux 4.15.0 7.8 HIGH Already Fixed 2023-06-02 09:10:21