CVE-2022-1729: Race Condition
First published: Mon May 16 2022(Updated: )
A race condition in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.71.1.rt56.1212.el7 | 0:3.10.0-1160.71.1.rt56.1212.el7 |
| redhat/kernel | <0:3.10.0-1160.71.1.el7 | 0:3.10.0-1160.71.1.el7 |
| redhat/kernel | <0:3.10.0-514.104.1.el7 | 0:3.10.0-514.104.1.el7 |
| redhat/kernel | <0:3.10.0-693.103.1.el7 | 0:3.10.0-693.103.1.el7 |
| redhat/kernel | <0:3.10.0-957.97.1.el7 | 0:3.10.0-957.97.1.el7 |
| redhat/kernel | <0:3.10.0-1062.70.1.el7 | 0:3.10.0-1062.70.1.el7 |
| redhat/kernel-rt | <0:4.18.0-372.16.1.rt7.173.el8_6 | 0:4.18.0-372.16.1.rt7.173.el8_6 |
| redhat/kernel | <0:4.18.0-372.16.1.el8_6 | 0:4.18.0-372.16.1.el8_6 |
| redhat/kernel | <0:4.18.0-147.70.1.el8_1 | 0:4.18.0-147.70.1.el8_1 |
| redhat/kernel-rt | <0:4.18.0-193.87.1.rt13.137.el8_2 | 0:4.18.0-193.87.1.rt13.137.el8_2 |
| redhat/kernel | <0:4.18.0-193.87.1.el8_2 | 0:4.18.0-193.87.1.el8_2 |
| redhat/kernel-rt | <0:4.18.0-305.57.1.rt7.129.el8_4 | 0:4.18.0-305.57.1.rt7.129.el8_4 |
| redhat/kernel | <0:4.18.0-305.57.1.el8_4 | 0:4.18.0-305.57.1.el8_4 |
| redhat/kernel | <0:5.14.0-70.17.1.el9_0 | 0:5.14.0-70.17.1.el9_0 |
| redhat/kernel-rt | <0:5.14.0-70.17.1.rt21.89.el9_0 | 0:5.14.0-70.17.1.rt21.89.el9_0 |
| redhat/kernel | <5.18 | 5.18 |
| Linux Kernel | >=3.2.85<3.3 | |
| Linux Kernel | >=3.16.40<3.17 | |
| Linux Kernel | >=3.18.54<3.19 | |
| Linux Kernel | >=4.0.0<4.9.316 | |
| Linux Kernel | >=4.10<4.14.281 | |
| Linux Kernel | >=4.15<4.19.245 | |
| Linux Kernel | >=4.20<5.4.196 | |
| Linux Kernel | >=5.5.0<5.10.118 | |
| Linux Kernel | >=5.11<5.15.42 | |
| Linux Kernel | >=5.16<5.17.10 | |
| netapp hci baseboard management controller | =h300s | |
| netapp hci baseboard management controller | =h410s | |
| netapp hci baseboard management controller | =h500s | |
| netapp hci baseboard management controller | =h700s | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.11-1 6.12.12-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ac6487e584a1eb54071dbe1212e05b884136704
- https://security.netapp.com/advisory/ntap-20230214-0006/
- https://www.openwall.com/lists/oss-security/2022/05/20/2
- https://www.cve.org/CVERecord?id=CVE-2022-1729 https://nvd.nist.gov/vuln/detail/CVE-2022-1729
- https://bugzilla.redhat.com/show_bug.cgi?id=2086753
- https://access.redhat.com/errata/RHSA-2022:5236
- https://access.redhat.com/errata/RHSA-2022:5232
- https://access.redhat.com/errata/RHSA-2022:5806
- https://access.redhat.com/errata/RHSA-2022:5157
- https://access.redhat.com/errata/RHSA-2022:6432
- https://access.redhat.com/errata/RHSA-2022:6741
- https://access.redhat.com/errata/RHSA-2022:5565
- https://access.redhat.com/errata/RHSA-2022:5564
- https://access.redhat.com/errata/RHSA-2022:5636
- https://access.redhat.com/errata/RHSA-2022:5224
- https://access.redhat.com/errata/RHSA-2022:5220
- https://access.redhat.com/errata/RHSA-2022:5633
- https://access.redhat.com/errata/RHSA-2022:5626
- https://access.redhat.com/errata/RHSA-2022:5249
- https://access.redhat.com/errata/RHSA-2022:5267
- https://access.redhat.com/security/cve/cve-2022-1729
- https://launchpad.net/bugs/cve/CVE-2022-1729
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2089288
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2089289
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729
- https://nvd.nist.gov/vuln/detail/CVE-2022-1729
- https://security-tracker.debian.org/tracker/CVE-2022-1729
- https://ubuntu.com/security/CVE-2022-1729
- https://git.kernel.org/linus/3ac6487e584a1eb54071dbe1212e05b884136704
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-1729
- agent/software-canonical-lookup
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/last-modified-date
- agent/remedy
- agent/description
- agent/event
- agent/trending
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.2.85
- version/linux kernel/3.16.40
- version/linux kernel/3.18.54
- version/linux kernel/4.0.0
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5.0
- version/linux kernel/5.11
- version/linux kernel/5.16
- vendor/netapp
- canonical/netapp hci baseboard management controller
- version/netapp hci baseboard management controller/h300s
- version/netapp hci baseboard management controller/h410s
- version/netapp hci baseboard management controller/h500s
- version/netapp hci baseboard management controller/h700s
- package-manager/debian