CVE-2022-21504
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attack with local access can operate on the socket, and cause a denial of service. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
En el código de UEK6 U3 faltaba un recuento de descriptor de archivo adecuado para ser liberado. Esto daba lugar a un error de recuento de uso que permitía cerrar y liberar un descriptor de archivo de un socket mientras seguía siendo utilizado por otra parte del kernel. Un ataque con acceso local puede operar sobre el socket y causar una denegación de servicio. Puntuación de base CVSS 3.1 5.5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2021-11-15 CVE Reserved
- 2022-06-14 CVE Published
- 2024-09-24 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/oracle/linux-uek/commit/49c68f5f892d8c2be00e0a89ff2a035422c03b59 | 2022-09-28 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | 7 Search vendor "Oracle" for product "Linux" and version "7" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | 8 Search vendor "Oracle" for product "Linux" and version "8" | - |
Affected
| ||||||