Is CVE-2022-0563 actively exploited?

CVE-2022-0563 has no public evidence of in-the-wild exploitation as of 2025-06-09.

What is the CVSS score for CVE-2022-0563?

CVE-2022-0563 has a CVSS score of 5.5 (MEDIUM severity). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

How do I patch CVE-2022-0563?

Patch guidance is available from kernel security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2022-0563.

CVE-2022-0563 - remediation guidance & executive summary

Q: Which products are affected by CVE-2022-0563?

2 products: kernel util-linux, netapp ontap select deploy administration utility.

Description

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: local
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Weaknesses: CWE-209 CWE-209

Metadata

Primary Vendor: KERNEL
Published: 2/21/2022
Last Modified: 6/9/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

kernel : util-linuxnetapp : ontap_select_deploy_administration_utility

Remediation Guidance

Executive Summary

Cite this page

CVE-2022-0563. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2022-0563

View on NIST NVD

CVE-2022-0563 vulnerability