CVE-2022-2991

MEDIUM Year: 2022
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-122
View all →

Vulnerability Description

A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.

Related Vulnerabilities

CVE-2021-21554

MEDIUM
CVSS:6.7(Medium)

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane D...

CWE-1222021

CVE-2021-21555

MEDIUM
CVSS:6.7(Medium)

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious use...

CWE-1222021

CVE-2021-25475

MEDIUM
CVSS:6.7(Medium)

A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.

CWE-1222021

CVE-2021-28211

MEDIUM
CVSS:6.7(Medium)

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.

CWE-1222021

CVE-2022-34454

MEDIUM
CVSS:6.7(Medium)

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impa...

CWE-1222022

CVE-2023-30763

MEDIUM
CVSS:6.7(Medium)

Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privilege via local access.

CWE-1222023