{"api_version":"1","generated_at":"2026-04-22T21:38:42+00:00","cve":"CVE-2022-2503","urls":{"html":"https://cve.report/CVE-2022-2503","api":"https://cve.report/api/cve/CVE-2022-2503.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-2503","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-2503"},"summary":{"title":"CVE-2022-2503","description":"Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5","state":"PUBLIC","assigner":"security@google.com","published_at":"2022-08-12 11:15:00","updated_at":"2023-02-14 13:15:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"https://security.netapp.com/advisory/ntap-20230214-0005/","name":"https://security.netapp.com/advisory/ntap-20230214-0005/","refsource":"CONFIRM","tags":[],"title":"August 2022 Linux Kernel 5.18 Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m","name":"N/A","refsource":"CONFIRM","tags":[],"title":"Linux: LoadPin bypass via dm-verity table reload · Advisory · google/security-research · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-2503","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2503","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"2503","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-2503","qid":"160123","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9852)"},{"cve":"CVE-2022-2503","qid":"180951","title":"Debian Security Update for linux (CVE-2022-2503)"},{"cve":"CVE-2022-2503","qid":"198921","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5594-1)"},{"cve":"CVE-2022-2503","qid":"198927","title":"Ubuntu Security Notification for Linux kernel (Oracle) Vulnerabilities (USN-5599-1)"},{"cve":"CVE-2022-2503","qid":"198929","title":"Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5602-1)"},{"cve":"CVE-2022-2503","qid":"198942","title":"Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-5616-1)"},{"cve":"CVE-2022-2503","qid":"198949","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5622-1)"},{"cve":"CVE-2022-2503","qid":"198950","title":"Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-5623-1)"},{"cve":"CVE-2022-2503","qid":"198954","title":"Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5630-1)"},{"cve":"CVE-2022-2503","qid":"198962","title":"Ubuntu Security Notification for Linux kernel (Azure CVM) Vulnerabilities (USN-5639-1)"},{"cve":"CVE-2022-2503","qid":"198966","title":"Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-5647-1)"},{"cve":"CVE-2022-2503","qid":"198970","title":"Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5654-1)"},{"cve":"CVE-2022-2503","qid":"198974","title":"Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-5660-1)"},{"cve":"CVE-2022-2503","qid":"199560","title":"Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-6001-1)"},{"cve":"CVE-2022-2503","qid":"199568","title":"Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-6013-1)"},{"cve":"CVE-2022-2503","qid":"199577","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6014-1)"},{"cve":"CVE-2022-2503","qid":"242151","title":"Red Hat Update for kernel security (RHSA-2023:5627)"},{"cve":"CVE-2022-2503","qid":"377117","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0158)"},{"cve":"CVE-2022-2503","qid":"377871","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0001)"},{"cve":"CVE-2022-2503","qid":"390268","title":"Oracle VM Server for x86 Security Update for kernel (OVMSA-2022-0026)"},{"cve":"CVE-2022-2503","qid":"672205","title":"EulerOS Security Update for kernel (EulerOS-SA-2022-2466)"},{"cve":"CVE-2022-2503","qid":"672278","title":"EulerOS Security Update for kernel (EulerOS-SA-2022-2686)"},{"cve":"CVE-2022-2503","qid":"672286","title":"EulerOS Security Update for kernel (EulerOS-SA-2022-2654)"},{"cve":"CVE-2022-2503","qid":"672354","title":"EulerOS Security Update for kernel (EulerOS-SA-2022-2732)"},{"cve":"CVE-2022-2503","qid":"672391","title":"EulerOS Security Update for kernel (EulerOS-SA-2022-2767)"},{"cve":"CVE-2022-2503","qid":"672711","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-1507)"},{"cve":"CVE-2022-2503","qid":"752668","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3586-1)"},{"cve":"CVE-2022-2503","qid":"752669","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3587-1)"},{"cve":"CVE-2022-2503","qid":"752671","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3584-1)"},{"cve":"CVE-2022-2503","qid":"752700","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3688-1)"},{"cve":"CVE-2022-2503","qid":"752702","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3693-1)"},{"cve":"CVE-2022-2503","qid":"752708","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3704-1)"},{"cve":"CVE-2022-2503","qid":"752724","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3775-1)"},{"cve":"CVE-2022-2503","qid":"753370","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3609-1)"},{"cve":"CVE-2022-2503","qid":"753374","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3809-1)"},{"cve":"CVE-2022-2503","qid":"902750","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10563)"},{"cve":"CVE-2022-2503","qid":"902755","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10559)"},{"cve":"CVE-2022-2503","qid":"904128","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10559-1)"},{"cve":"CVE-2022-2503","qid":"904212","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10563-1)"},{"cve":"CVE-2022-2503","qid":"905843","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10563-2)"},{"cve":"CVE-2022-2503","qid":"906334","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10559-2)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@google.com","ID":"CVE-2022-2503","STATE":"PUBLIC","TITLE":"Linux Kernel LoadPin bypass via dm-verity table reload"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Linux Kernel","version":{"version_data":[{"version_affected":"<","version_value":"4caae58406f8ceb741603eee460d79bacca9b1b5"}]}}]},"vendor_name":"Linux Kernel"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5"}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":6.9,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-302 Authentication Bypass by Assumed-Immutable Data"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m","name":"https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20230214-0005/","url":"https://security.netapp.com/advisory/ntap-20230214-0005/"}]},"source":{"discovery":"INTERNAL"}},"nvd":{"publishedDate":"2022-08-12 11:15:00","lastModifiedDate":"2023-02-14 13:15:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.19","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}