Bug 2084183 (CVE-2022-21499) - CVE-2022-21499 kernel: possible to use the debugger to write zero into a location of choice
Summary: CVE-2022-21499 kernel: possible to use the debugger to write zero into a loca...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-21499
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2096817 2104748 2104749 2104750 2104751
Blocks: 2084172
TreeView+ depends on / blocked
 
Reported: 2022-05-11 15:30 UTC by Marian Rehak
Modified: 2024-02-08 16:51 UTC (History)
52 users (show)

Fixed In Version: kernel 5.19 rc1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the kernel/debug/debug_core.c in the Linux kernel in lockdown mode. This flaw allows an attacker with local access to trigger the debugger, bypass lockdown and write anonymously.
Clone Of:
Environment:
Last Closed: 2022-12-05 16:35:26 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:7444 0 None None None 2022-11-08 09:10:09 UTC
Red Hat Product Errata RHSA-2022:7683 0 None None None 2022-11-08 10:09:34 UTC
Red Hat Product Errata RHSA-2022:7933 0 None None None 2022-11-15 09:45:07 UTC
Red Hat Product Errata RHSA-2022:8267 0 None None None 2022-11-15 10:47:59 UTC
Red Hat Product Errata RHSA-2024:0724 0 None None None 2024-02-07 16:28:59 UTC

Description Marian Rehak 2022-05-11 15:30:58 UTC 
A flaw was found in kernel/debug/debug_core.c in the Linux kernel in the lockdown mode.  In this flaw, an attacker with local access could trigger the debugger, bypass lockdown and write anonymously.

In this flaw, KGDB and KDB allow read and write access to kernel memory, and thus should not be allowed during lockdown. An attacker with access to a serial port could trigger the debugger and use it to bypass lockdown.

Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eadb2f47a3ced5c64b23b90fd2a3463f63726066
Comment 2 Marian Rehak 2022-06-14 11:14:20 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2096817]
Comment 3 John Haxby 2022-06-14 15:16:53 UTC 
https://git.kernel.org/linus/eadb2f47a3ced5c64b23b90fd2a3463f63726066
Comment 4 Justin M. Forbes 2022-06-16 14:12:40 UTC 
This was fixed for Fedora with the 5.17.10 stable kernel updates.
Comment 12 errata-xmlrpc 2022-11-08 09:10:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7444 https://access.redhat.com/errata/RHSA-2022:7444
Comment 13 errata-xmlrpc 2022-11-08 10:09:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7683 https://access.redhat.com/errata/RHSA-2022:7683
Comment 14 errata-xmlrpc 2022-11-15 09:45:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:7933 https://access.redhat.com/errata/RHSA-2022:7933
Comment 15 errata-xmlrpc 2022-11-15 10:47:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8267 https://access.redhat.com/errata/RHSA-2022:8267
Comment 16 Product Security DevOps Team 2022-12-05 16:35:22 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-21499
Comment 20 errata-xmlrpc 2024-02-07 16:28:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724
Note You need to log in before you can comment on or make changes to this bug.