CVE-2022-2503
Summary
| CVE | CVE-2022-2503 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-08-12 11:15:00 UTC |
|---|
| Updated | 2023-02-14 13:15:00 UTC |
|---|
| Description | Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Operating System |
Linux |
Linux Kernel |
All |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| August 2022 Linux Kernel 5.18 Vulnerabilities in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
|
| Linux: LoadPin bypass via dm-verity table reload · Advisory · google/security-research · GitHub |
CONFIRM |
github.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160123 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9852)
- 180951 Debian Security Update for linux (CVE-2022-2503)
- 198921 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5594-1)
- 198927 Ubuntu Security Notification for Linux kernel (Oracle) Vulnerabilities (USN-5599-1)
- 198929 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5602-1)
- 198942 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-5616-1)
- 198949 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5622-1)
- 198950 Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-5623-1)
- 198954 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5630-1)
- 198962 Ubuntu Security Notification for Linux kernel (Azure CVM) Vulnerabilities (USN-5639-1)
- 198966 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-5647-1)
- 198970 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5654-1)
- 198974 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-5660-1)
- 199560 Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-6001-1)
- 199568 Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-6013-1)
- 199577 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6014-1)
- 242151 Red Hat Update for kernel security (RHSA-2023:5627)
- 377117 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0158)
- 377871 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0001)
- 390268 Oracle VM Server for x86 Security Update for kernel (OVMSA-2022-0026)
- 672205 EulerOS Security Update for kernel (EulerOS-SA-2022-2466)
- 672278 EulerOS Security Update for kernel (EulerOS-SA-2022-2686)
- 672286 EulerOS Security Update for kernel (EulerOS-SA-2022-2654)
- 672354 EulerOS Security Update for kernel (EulerOS-SA-2022-2732)
- 672391 EulerOS Security Update for kernel (EulerOS-SA-2022-2767)
- 672711 EulerOS Security Update for kernel (EulerOS-SA-2023-1507)
- 752668 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3586-1)
- 752669 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3587-1)
- 752671 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3584-1)
- 752700 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3688-1)
- 752702 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3693-1)
- 752708 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3704-1)
- 752724 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3775-1)
- 753370 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3609-1)
- 753374 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3809-1)
- 902750 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10563)
- 902755 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10559)
- 904128 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10559-1)
- 904212 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10563-1)
- 905843 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10563-2)
- 906334 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10559-2)
