CVE-2022-42464 - OpenCVE

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Openharmony	Openharmony

Configuration 1 [-]

OR	cpe:2.3:a:openharmony:openharmony::::::::
	cpe:2.3:a:openharmony:openharmony::::::::

References

Link	Resource
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: OpenHarmony

Published: 2022-10-11T00:00:00

Updated: 2022-10-14T00:00:00

Reserved: 2022-10-08T00:00:00

Link: CVE-2022-42464

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-10-14T15:16:25.617

Modified: 2022-10-18T19:39:13.863

Link: CVE-2022-42464

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-42464", "assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "assignerShortName": "OpenHarmony", "datePublished": "2022-10-11T00:00:00", "dateUpdated": "2022-10-14T00:00:00", "dateReserved": "2022-10-08T00:00:00"}, "containers": {"cna": {"title": "Kernel memory pool override in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in furth ...", "datePublic": "2022-10-11T00:00:00", "providerMetadata": {"orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "shortName": "OpenHarmony", "dateUpdated": "2022-10-14T00:00:00"}, "descriptions": [{"lang": "en", "value": "OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot."}], "affected": [{"vendor": "OpenHarmony", "product": "OpenHarmony", "versions": [{"version": "OpenHarmony-v3.1.x-Release", "status": "affected", "lessThanOrEqual": "3.1.2", "versionType": "custom"}, {"version": "OpenHarmony-v3.0.x-LTS", "status": "affected", "lessThanOrEqual": "3.0.6", "versionType": "custom"}]}], "references": [{"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-276 Incorrect Default Permissions", "cweId": "CWE-276"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "UNKNOWN"}, "x_ConverterErrors": {"TITLE": {"error": "TITLE too long. Truncating in v5 record.", "message": "Truncated!"}}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F276BBF-B42F-41CC-8E94-158003441CCA", "versionEndIncluding": "3.0.6", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*", "matchCriteriaId": "C026D184-A8AE-4DE6-A339-EA4469DDD4E7", "versionEndIncluding": "3.1.2", "versionStartIncluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot."}, {"lang": "es", "value": "OpenHarmony versiones v3.1.2 y versiones anteriores, 3.0.6 y versiones anteriores, presentan una vulnerabilidad de anulaci\u00f3n del pool de memoria del Kernel en el controlador de dispositivo /dev/mmz_userdev. El impacto depende de los privilegios del atacante. El proceso no privilegiado que sea ejecutado en el dispositivo podr\u00eda divulgar informaci\u00f3n confidencial, incluyendo el puntero del kernel, que podr\u00eda ser usado en otros ataques. Los procesos con UID de usuario del sistema que es ejecutado en el dispositivo podr\u00edan mmap pools de memoria usados por el kernel y anularlos, lo que podr\u00eda usarse para obtener una ejecuci\u00f3n de c\u00f3digo del kernel en el dispositivo, obtener privilegios de root o causar el reinicio del dispositivo"}], "id": "CVE-2022-42464", "lastModified": "2022-10-18T19:39:13.863", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "scy@openharmony.io", "type": "Secondary"}]}, "published": "2022-10-14T15:16:25.617", "references": [{"source": "scy@openharmony.io", "tags": ["Vendor Advisory"], "url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md"}], "sourceIdentifier": "scy@openharmony.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "scy@openharmony.io", "type": "Secondary"}]}