CVE-2022-23091

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-23091
A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.

4.0 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc
https://security.netapp.com/advisory/ntap-20240415-0008/
https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc
https://security.netapp.com/advisory/ntap-20240415-0008/
Configurations

No configuration.

History

21 Nov 2024, 06:47

Type Values Removed Values Added
References () https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc - () https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc -
References () https://security.netapp.com/advisory/ntap-20240415-0008/ - () https://security.netapp.com/advisory/ntap-20240415-0008/ -

28 Oct 2024, 20:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.0
CWE CWE-401

14 May 2024, 10:18

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240415-0008/ -
Summary
  • (es) Un caso particular de compartir memoria se maneja mal en el sistema de memoria virtual. Esto es muy similar a SA-21:08.vm, pero con una causa raíz diferente. Un proceso de usuario local sin privilegios puede mantener un mapeo de una página después de que se libera, lo que permite que ese proceso lea datos privados que pertenecen a otros procesos o al kernel.

15 Feb 2024, 06:23

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-15 06:15

Updated : 2024-11-21 06:47

NVD link : CVE-2022-23091

Mitre link : CVE-2022-23091

CVE.ORG link : CVE-2022-23091

JSON object : View

Products Affected

No product.

CWE
CWE-401

Missing Release of Memory after Effective Lifetime