CVE-2022-26486

Public on 2022-03-08

Modified on 2023-01-09

Description

The Mozilla Foundation Security Advisory describes this flaw as:

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.

Severity

Critical

See what this means

CVSS v3 Base Score

8.8

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 2 - Core	thunderbird	2022-04-25 22:56	ALAS2-2022-1779

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD	CVSSv3	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References

Red Hat: CVE-2022-26486 Mitre: CVE-2022-26486 FAQs regarding Amazon Linux ALAS/CVE Severity