CVE-2022-48613

Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://consumer.huawei.com/en/support/bulletin/2023/11/	Vendor Advisory
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:huawei:emui:12.0.0:::::::*
	cpe:2.3:o:huawei:emui:13.0.0:::::::*
	cpe:2.3:o:huawei:harmonyos:2.0.0:::::::*
	cpe:2.3:o:huawei:harmonyos:3.0.0:::::::*

History

No history.

Information

Published : 2023-11-08 10:15

Updated : 2023-11-14 20:05

NVD link : CVE-2022-48613

Mitre link : CVE-2022-48613

CVE.ORG link : CVE-2022-48613

JSON object : View

Products Affected

huawei

harmonyos
emui

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2022-48613", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2023-11-08T10:15:08.400", "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2023/11/", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}, {"type": "Secondary", "source": "psirt@huawei.com", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed."}, {"lang": "es", "value": "Vulnerabilidad de condici\u00f3n de ejecuci\u00f3n en el m\u00f3dulo del kernel. La explotaci\u00f3n exitosa de esta vulnerabilidad puede causar que los valores de las variables se lean sin pasar omitiendo la evaluaci\u00f3n de la condici\u00f3n."}], "lastModified": "2023-11-14T20:05:24.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2"}, {"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"}, {"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"}, {"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@huawei.com"}