CVE-2022-38014: Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7)

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2022-Nov

Released

2022-11-08

Last Updated

2023-01-23

EPSS Score

0.30% (percentile: 53.3%)

FAQ

What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.

Affected Products (2)

Open Source Software

• Windows Subsystem for Linux (WSL2)

Azure

• Azure EFLOW

Security Updates (2)

• Release Notes
• Release Notes

Acknowledgments

Microsoft Offensive Research & Security Engineering (MORSE)

Revision History

• 2022-11-08: Information published.
• 2023-01-23: Updated the build numbers. This is an informational update only.