CVE-2022-21499

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-21499

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21499.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-21499

Downstream

DEBIAN-CVE-2022-21499

DSA-5161-1

OESA-2022-1727

RHSA-2022:7444

RHSA-2022:7683

RHSA-2022:7933

RHSA-2022:8267

RHSA-2024:0724

SUSE-SU-2022:2077-1

SUSE-SU-2022:2080-1

SUSE-SU-2022:2082-1

SUSE-SU-2022:2103-1

SUSE-SU-2022:2111-1

SUSE-SU-2022:2116-1

SUSE-SU-2022:2393-1

SUSE-SU-2022:2438-1

SUSE-SU-2022:2444-1

SUSE-SU-2022:2446-1

SUSE-SU-2022:2461-1

SUSE-SU-2022:2482-1

SUSE-SU-2022:2520-1

SUSE-SU-2022:2615-1

SUSE-SU-2022:2629-1

SUSE-SU-2023:0416-1

UBUNTU-CVE-2022-21499

LSN-0086-1

LSN-0089-1

USN-5465-1

USN-5466-1

USN-5467-1

USN-5468-1

USN-5469-1

USN-5470-1

USN-5471-1

USN-5484-1

Related

Published

2022-06-09T21:15:07Z

Modified

2025-08-09T19:01:28Z

Summary

[none]

Details

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

References

Affected packages