References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Known Affected Software Configurations Switch to CPE 2.2

Change History

OR
          *cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
          *cpe:2.3:o:oracle:linux:8:-:*:*:*:*:*:*
          *cpe:2.3:o:oracle:linux:9:-:*:*:*:*:*:*

Oracle: https://git.kernel.org/linus/543ce63b664e2c2f9533d089a4664b559c3e6b5b Types: Broken Link

Oracle: https://linux.oracle.com/cve/CVE-2022-21505.html Types: Vendor Advisory

CWE-346

In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

https://git.kernel.org/linus/543ce63b664e2c2f9533d089a4664b559c3e6b5b

https://linux.oracle.com/cve/CVE-2022-21505.html