Attacker Value
Low
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
1

CVE-2022-21839

Disclosure Date: January 11, 2022
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability

Add Assessment

2
Ratings
Technical Analysis

This appears to be a bug in Windows Event Tracing which is a kernel level tracing facility in Windows that allows you to log kernel events or application defined events to a log file. The bug occurs due to something related to Discretionary Access Control Lists or DACLS for short. DACLs in Windows are an access control mechanism made up of a bunch of ACE, or Access Control Entries, put together into a list. Note however that if a DACL does not exist on an object, everyone is allowed access to it and if a DACL is set on an object but not ACE entries are added to the DACL, no one is allowed access to it.

My guess is that somehow it is possible to create a DACL on a specific file or object as any authenticated user that does not have any ACE entries associated with it and thereby cause a component to stop working completely due to its need to access that file. Adding to the fact that this only causes a DoS, is the fact that this bug supposedly only works on Windows 10 1809 and Windows Server 2019, which further limits its impact.

Overall a pretty low impact bug in my opinion.

CVSS V3 Severity and Metrics
Base Score:
5.5 Medium
Impact Score:
3.6
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Vendors

  • microsoft

Products

  • windows 10 1809,
  • windows server 2019 -

Additional Info

Technical Analysis