CVE-2022-25265

Summary

CVE	CVE-2022-25265
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-02-16 21:15:00 UTC
Updated	2023-11-09 14:44:00 UTC
Description	In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.

Risk And Classification

Problem Types: CWE-913

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Netapp	Baseboard Management Controller Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H300e	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H300e Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H300s	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H300s Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H410c	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H410s	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H410s Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H500e	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H500e Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H500s	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H500s Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H700e	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H700e Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H700s	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H700s Firmware	-	All	All	All
Hardware	Netapp	H300e	-	All	All	All
Operating System	Netapp	H300e Firmware	-	All	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410c	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500e	-	All	All	All
Operating System	Netapp	H500e Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H700e	-	All	All	All
Operating System	Netapp	H700e Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All

References

Reference	Source	Link	Tags
linux/elf.h at 1c33bb0507508af24fd754dd7123bd8e997fab2f · torvalds/linux · GitHub	MISC	github.com	Patch, Third Party Advisory
CVE-2022-25265 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
GitHub - x0reaxeax/exec-prot-bypass: Bypassing Linux Executable Space Protection using 20+ years old tools.	MISC	github.com	Exploit, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160692 Oracle Enterprise Linux Security Update for kernel (ELSA-2023-2951)
241504 Red Hat Update for kernel security (RHSA-2023:2951)
241527 Red Hat Update for kernel-rt (RHSA-2023:2736)
242890 Red Hat Update for kernel (RHSA-2024:0724)
900685 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8640)
901966 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8641-1)
906089 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8640-1)
906490 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8641-2)
941096 AlmaLinux Security Update for kernel (ALSA-2023:2951)
941114 AlmaLinux Security Update for kernel-rt (ALSA-2023:2736)