QwikSec

Security Database

CVE

CWE

Training

CVE-2022-2977

Published: Sep 14, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.

Vendor	Product	Versions
n/a	Linux kernel	affected `Linux kernel versions prior to 5.18`

Weaknesses (CWE)

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f

https://security.netapp.com/advisory/ntap-20230214-0006/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.