Wind River Support Network


LIN1021-4215 : Security Advisory - linux - CVE-2022-2991

Created: Aug 25, 2022    Updated: Sep 4, 2022
Resolved Date: Aug 29, 2022
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel


A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.

CREATE(Triage):(User=admin) CVE-2022-2991 (


Live chat