| Vulnerability Name: | CVE-2022-2196 (CCN-244830) | ||||||||||||||||||||
| Assigned: | 2022-11-30 | ||||||||||||||||||||
| Published: | 2022-11-30 | ||||||||||||||||||||
| Updated: | 2023-05-03 | ||||||||||||||||||||
| Summary: | Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a regression within KVM: nVMX that allowed for speculative execution attacks. An attacker could exploit this vulnerability to execute code on an indirect branch on the host machine. | ||||||||||||||||||||
| CVSS v3 Severity: | 5.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L) 5.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||
| CVSS v2 Severity: | 6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
| ||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-2196 Source: XF Type: UNKNOWN linux-kernel-cve20222196-code-exec(244830) Source: CCN Type: Linux Kernel GIT Repository KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS Source: cve-coordination@google.com Type: Mailing List, Patch, Vendor Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Patch, Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: UNKNOWN cve-coordination@google.com | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||