CVE-2022-28653
Published: 31 January 2025
Summary
CVE-2022-28653 is a high-severity an unspecified weakness vulnerability in Canonical Apport. Its CVSS base score is 7.5 (High).
Operationally, ranked at the 41.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-6 (Resource Availability) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the flaw permitting unlimited disk consumption in /var/crash through timely patching and flaw correction.
Limits disk resource availability by user, process, or directory to prevent exhaustion of /var/crash from unauthorized consumption.
Implements denial-of-service protections at network entry points to mitigate remotely exploitable resource exhaustion attacks.
NVD Description
Users can consume unlimited disk space in /var/crash
Deeper analysisAI
CVE-2022-28653 is a vulnerability that allows users to consume unlimited disk space in the /var/crash directory. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high-impact availability disruption with no confidentiality or integrity effects. No specific software or component is detailed in the available information, and it maps to NVD-CWE-noinfo.
Remote attackers require no privileges or user interaction to exploit this over the network with low complexity. Successful exploitation enables denial-of-service by filling the /var/crash directory with unlimited data, potentially exhausting disk resources and disrupting system operations.
The primary reference is the official CVE record at https://www.cve.org/CVERecord?id=CVE-2022-28653, published on 2025-01-31. No specific mitigation or patch details are provided in the available data.
Details
- CWE(s)