{"id":"CVE-2022-2991","details":"A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.","modified":"2026-03-14T11:44:11.439934Z","published":"2022-08-25T18:15:10.363Z","related":["SUSE-SU-2022:3263-1","SUSE-SU-2022:3294-1","SUSE-SU-2023:0634-1","SUSE-SU-2023:0768-1","SUSE-SU-2023:0852-1","SUSE-SU-2023:1971-1","SUSE-SU-2023:1973-1","SUSE-SU-2023:1983-1","SUSE-SU-2023:2007-1","SUSE-SU-2023:2023-1","SUSE-SU-2025:0834-1"],"references":[{"type":"ADVISORY","url":"https://www.zerodayinitiative.com/advisories/ZDI-22-960/"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/lightnvm/Kconfig?h=v5.10.114&id=549209caabc89f2877ad5f62d11fca5c052e0e8"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"5.15"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2991.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}