CVE-2022-21505 (GCVE-0-2022-21505)

Vulnerability from cvelistv5 – Published: 2024-12-24 18:48 – Updated: 2024-12-27 16:52
VLAI
Summary
In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Severity
6.7 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Assigner
References
Impacted products
Vendor Product Version
Oracle Corporation Oracle Linux Affected: Oracle Linux: 7
Affected: Oracle Linux: 8
Affected: Oracle Linux: 9
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21505",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-27T16:51:57.672286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-346",
                "description": "CWE-346 Origin Validation Error",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-27T16:52:05.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Linux",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Linux: 7"
            },
            {
              "status": "affected",
              "version": "Oracle Linux: 8"
            },
            {
              "status": "affected",
              "version": "Oracle Linux: 9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the linux kernel, if IMA appraisal is used with the \"ima_appraise=log\" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting \"ima_appraise=log\" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "In the linux kernel, if IMA appraisal is used with the \"ima_appraise=log\" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting \"ima_appraise=log\" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-24T18:48:23.588Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Github commit",
          "tags": [
            "issue-tracking"
          ],
          "url": "https://git.kernel.org/linus/543ce63b664e2c2f9533d089a4664b559c3e6b5b"
        },
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://linux.oracle.com/cve/CVE-2022-21505.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21505",
    "datePublished": "2024-12-24T18:48:23.588Z",
    "dateReserved": "2021-11-15T19:29:08.891Z",
    "dateUpdated": "2024-12-27T16:52:05.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-21505",
      "date": "2026-05-29",
      "epss": "0.0007",
      "percentile": "0.21533"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-21505\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2024-12-24T19:15:06.763\",\"lastModified\":\"2025-06-18T20:42:10.643\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the linux kernel, if IMA appraisal is used with the \\\"ima_appraise=log\\\" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting \\\"ima_appraise=log\\\" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, si se utiliza la evaluaci\u00f3n IMA con el par\u00e1metro de arranque \\\"ima_appraise=log\\\", el bloqueo se puede anular con kexec en cualquier m\u00e1quina cuando el arranque seguro est\u00e1 deshabilitado o no est\u00e1 disponible. IMA impide configurar \\\"ima_appraise=log\\\" desde el par\u00e1metro de arranque cuando el arranque seguro est\u00e1 habilitado, pero esto no cubre los casos en los que se utiliza el bloqueo sin arranque seguro. CVSS 3.1 Puntuaci\u00f3n base 6,7 (impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-346\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"44B8FEDF-6CB0-46E9-9AD7-4445B001C158\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA9021D6-6027-42E9-A12D-7EA32C5C63F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:9:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E6116DA-D643-4C6D-8B90-0A41125F1EF0\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/linus/543ce63b664e2c2f9533d089a4664b559c3e6b5b\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://linux.oracle.com/cve/CVE-2022-21505.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-21505\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-27T16:51:57.672286Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-346\", \"description\": \"CWE-346 Origin Validation Error\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-27T16:50:57.849Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"Oracle Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"Oracle Linux: 7\"}, {\"status\": \"affected\", \"version\": \"Oracle Linux: 8\"}, {\"status\": \"affected\", \"version\": \"Oracle Linux: 9\"}]}], \"references\": [{\"url\": \"https://git.kernel.org/linus/543ce63b664e2c2f9533d089a4664b559c3e6b5b\", \"name\": \"Github commit\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://linux.oracle.com/cve/CVE-2022-21505.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the linux kernel, if IMA appraisal is used with the \\\"ima_appraise=log\\\" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting \\\"ima_appraise=log\\\" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"In the linux kernel, if IMA appraisal is used with the \\\"ima_appraise=log\\\" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting \\\"ima_appraise=log\\\" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2024-12-24T18:48:23.588Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-21505\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-27T16:52:05.331Z\", \"dateReserved\": \"2021-11-15T19:29:08.891Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2024-12-24T18:48:23.588Z\", \"assignerShortName\": \"oracle\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.