CVE-2022-4379 (GCVE-0-2022-4379)
Vulnerability from cvelistv5 – Published: 2023-01-10 00:00 – Updated: 2025-04-08 18:40
VLAI
EPSS
Summary
A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial of service attack.
Severity
7.5 (High)
CWE
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| n/a | Linux kernel | Affected: Linux kernel through v6.1-rc8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:44.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230223-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2022/q4/185"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0"
},
{
"name": "FEDORA-2023-f4f9182dc8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAVD6JIILAVSRHZ4VXSV3RAAGUXKVXZA/"
},
{
"name": "FEDORA-2023-3fd7349f60",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LECFVUHKIRBV5JJBE3KQCLGKNYJPBRCN/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T18:38:30.349924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T18:40:03.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Linux kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel through v6.1-rc8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:06:55.565Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://seclists.org/oss-sec/2022/q4/185"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0"
},
{
"name": "FEDORA-2023-f4f9182dc8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAVD6JIILAVSRHZ4VXSV3RAAGUXKVXZA/"
},
{
"name": "FEDORA-2023-3fd7349f60",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LECFVUHKIRBV5JJBE3KQCLGKNYJPBRCN/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-4379",
"datePublished": "2023-01-10T00:00:00.000Z",
"dateReserved": "2022-12-09T00:00:00.000Z",
"dateUpdated": "2025-04-08T18:40:03.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-4379",
"date": "2026-05-28",
"epss": "0.00281",
"percentile": "0.51627"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-4379\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2023-01-10T22:15:14.097\",\"lastModified\":\"2025-04-08T19:15:46.243\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad de use after free en __nfs42_ssc_open() en fs/nfs/nfs4file.c en el kernel de Linux. Este fallo permite a un atacante realizar una denegaci\u00f3n remota\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatc
h\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.6\",\"versionEndExcluding\":\"5.10.177\",\"matchCriteriaId\":\"98341430-98CD-48EB-BD2E-D8C7105EDE74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.105\",\"matchCriteriaId\":\"0888AE70-CB0A-45C0-B9BD-A5371244C8DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.3\",\"matchCriteriaId\":\"59C906A3-824B-46E7-861F-1FF4044063A1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LECFVUHKIRBV5JJBE3KQCLGKNYJPBRCN/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAVD6JIILAVSRHZ4VXSV3RAAGUXKVXZA/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/oss-sec/2022/q4/185\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LECFVUHKIRBV5JJBE3KQCLGKNYJPBRCN/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAVD6JIILAVSRHZ4VXSV3RAAGUXKVXZA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/oss-sec/2022/q4/185\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230223-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20230223-0004/\"}, {\"url\": \"https://seclists.org/oss-sec/2022/q4/185\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAVD6JIILAVSRHZ4VXSV3RAAGUXKVXZA/\", \"name\": \"FEDORA-2023-f4f9182dc8\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LECFVUHKIRBV5JJBE3KQCLGKNYJPBRCN/\", \"name\": \"FEDORA-2023-3fd7349f60\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T01:41:44.450Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-4379\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], 
\"version\": \"2.0.3\", \"timestamp\": \"2025-04-08T18:38:30.349924Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-08T18:38:55.697Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"Linux kernel\", \"versions\": [{\"status\": \"affected\", \"version\": \"Linux kernel through v6.1-rc8\"}]}], \"references\": [{\"url\": \"https://seclists.org/oss-sec/2022/q4/185\"}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da\"}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAVD6JIILAVSRHZ4VXSV3RAAGUXKVXZA/\", \"name\": \"FEDORA-2023-f4f9182dc8\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LECFVUHKIRBV5JJBE3KQCLGKNYJPBRCN/\", \"name\": \"FEDORA-2023-3fd7349f60\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2023-05-03T00:06:55.565Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-4379\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-08T18:40:03.110Z\", \"dateReserved\": \"2022-12-09T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2023-01-10T00:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
SUSE-SU-2023:0277-1
Vulnerability from csaf_suse - Published: 2023-02-07 06:34 - Updated: 2023-02-07 06:34
Summary
Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)
Description of the patch: This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues.
The following security issues were fixed:
- CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).
Patchnames: SUSE-2023-277,SUSE-SLE-Module-Live-Patching-15-SP4-2023-277
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2022-2602: 7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
CVE-2022-4379: 7.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).\n- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167).\n- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-277,SUSE-SLE-Module-Live-Patching-15-SP4-2023-277",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0277-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0277-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230277-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0277-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013637.html"
},
{
"category": "self",
"summary": "SUSE Bug 1204167",
"url": "https://bugzilla.suse.com/1204167"
},
{
"category": "self",
"summary": "SUSE Bug 1205186",
"url": "https://bugzilla.suse.com/1205186"
},
{
"category": "self",
"summary": "SUSE Bug 1206373",
"url": "https://bugzilla.suse.com/1206373"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2602 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3424 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4379 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4379/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)",
"tracking": {
"current_release_date": "2023-02-07T06:34:26Z",
"generator": {
"date": "2023-02-07T06:34:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0277-1",
"initial_release_date": "2023-02-07T06:34:26Z",
"revision_history": [
{
"date": "2023-02-07T06:34:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2602"
}
],
"notes": [
{
"category": "general",
"text": "io_uring UAF, Unix SCM garbage collection",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2602",
"url": "https://www.suse.com/security/cve/CVE-2022-2602"
},
{
"category": "external",
"summary": "SUSE Bug 1204228 for CVE-2022-2602",
"url": "https://bugzilla.suse.com/1204228"
},
{
"category": "external",
"summary": "SUSE Bug 1205186 for CVE-2022-2602",
"url": "https://bugzilla.suse.com/1205186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-02-07T06:34:26Z",
"details": "important"
}
],
"title": "CVE-2022-2602"
},
{
"cve": "CVE-2022-3424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3424"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux kernel\u0027s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3424",
"url": "https://www.suse.com/security/cve/CVE-2022-3424"
},
{
"category": "external",
"summary": "SUSE Bug 1204166 for CVE-2022-3424",
"url": "https://bugzilla.suse.com/1204166"
},
{
"category": "external",
"summary": "SUSE Bug 1204167 for CVE-2022-3424",
"url": "https://bugzilla.suse.com/1204167"
},
{
"category": "external",
"summary": "SUSE Bug 1208044 for CVE-2022-3424",
"url": "https://bugzilla.suse.com/1208044"
},
{
"category": "external",
"summary": "SUSE Bug 1212309 for CVE-2022-3424",
"url": "https://bugzilla.suse.com/1212309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-02-07T06:34:26Z",
"details": "important"
}
],
"title": "CVE-2022-3424"
},
{
"cve": "CVE-2022-4379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4379"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4379",
"url": "https://www.suse.com/security/cve/CVE-2022-4379"
},
{
"category": "external",
"summary": "SUSE Bug 1206209 for CVE-2022-4379",
"url": "https://bugzilla.suse.com/1206209"
},
{
"category": "external",
"summary": "SUSE Bug 1206373 for CVE-2022-4379",
"url": "https://bugzilla.suse.com/1206373"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-02-07T06:34:26Z",
"details": "important"
}
],
"title": "CVE-2022-4379"
}
]
}
SUSE-SU-2023:0280-1
Vulnerability from csaf_suse - Published: 2023-02-07 07:05 - Updated: 2023-02-07 07:05
Summary
Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4)
Description of the patch: This update for the Linux Kernel 5.14.21-150400_24_33 fixes several issues.
The following security issues were fixed:
- CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).
Patchnames: SUSE-2023-280,SUSE-SLE-Module-Live-Patching-15-SP4-2023-280
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2022-2602: 7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
CVE-2022-4379: 7.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150400_24_33 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).\n- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-280,SUSE-SLE-Module-Live-Patching-15-SP4-2023-280",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0280-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0280-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230280-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0280-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013639.html"
},
{
"category": "self",
"summary": "SUSE Bug 1205186",
"url": "https://bugzilla.suse.com/1205186"
},
{
"category": "self",
"summary": "SUSE Bug 1206373",
"url": "https://bugzilla.suse.com/1206373"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2602 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4379 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4379/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4)",
"tracking": {
"current_release_date": "2023-02-07T07:05:29Z",
"generator": {
"date": "2023-02-07T07:05:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0280-1",
"initial_release_date": "2023-02-07T07:05:29Z",
"revision_history": [
{
"date": "2023-02-07T07:05:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2602"
}
],
"notes": [
{
"category": "general",
"text": "io_uring UAF, Unix SCM garbage collection",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2602",
"url": "https://www.suse.com/security/cve/CVE-2022-2602"
},
{
"category": "external",
"summary": "SUSE Bug 1204228 for CVE-2022-2602",
"url": "https://bugzilla.suse.com/1204228"
},
{
"category": "external",
"summary": "SUSE Bug 1205186 for CVE-2022-2602",
"url": "https://bugzilla.suse.com/1205186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-02-07T07:05:29Z",
"details": "important"
}
],
"title": "CVE-2022-2602"
},
{
"cve": "CVE-2022-4379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4379"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial of service attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4379",
"url": "https://www.suse.com/security/cve/CVE-2022-4379"
},
{
"category": "external",
"summary": "SUSE Bug 1206209 for CVE-2022-4379",
"url": "https://bugzilla.suse.com/1206209"
},
{
"category": "external",
"summary": "SUSE Bug 1206373 for CVE-2022-4379",
"url": "https://bugzilla.suse.com/1206373"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-02-07T07:05:29Z",
"details": "important"
}
],
"title": "CVE-2022-4379"
}
]
}
SUSE-SU-2023:0320-1
Vulnerability from csaf_suse - Published: 2023-02-08 15:17 - Updated: 2023-02-08 15:17
Summary
Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP4)
Description of the patch: This update for the Linux Kernel 5.14.21-150400_15_5 fixes one issue.
The following security issue was fixed:
- CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open (bsc#1206209).
Patchnames: SUSE-2023-320,SUSE-SLE-Module-Live-Patching-15-SP4-2023-320
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2022-4379: 7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_15_5-rt-2-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150400_15_5 fixes one issue.\n\nThe following security issue was fixed:\n\n- CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open (bsc#1206209).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-320,SUSE-SLE-Module-Live-Patching-15-SP4-2023-320",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0320-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0320-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230320-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0320-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013702.html"
},
{
"category": "self",
"summary": "SUSE Bug 1206373",
"url": "https://bugzilla.suse.com/1206373"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4379 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4379/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP4)",
"tracking": {
"current_release_date": "2023-02-08T15:17:07Z",
"generator": {
"date": "2023-02-08T15:17:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0320-1",
"initial_release_date": "2023-02-08T15:17:07Z",
"revision_history": [
{
"date": "2023-02-08T15:17:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_15_5-rt-2-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_15_5-rt-2-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_15_5-rt-2-150400.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_15_5-rt-2-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_15_5-rt-2-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_15_5-rt-2-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-4379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4379"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial of service attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_15_5-rt-2-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4379",
"url": "https://www.suse.com/security/cve/CVE-2022-4379"
},
{
"category": "external",
"summary": "SUSE Bug 1206209 for CVE-2022-4379",
"url": "https://bugzilla.suse.com/1206209"
},
{
"category": "external",
"summary": "SUSE Bug 1206373 for CVE-2022-4379",
"url": "https://bugzilla.suse.com/1206373"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_15_5-rt-2-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_15_5-rt-2-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-02-08T15:17:07Z",
"details": "important"
}
],
"title": "CVE-2022-4379"
}
]
}
SUSE-SU-2023:0331-1
Vulnerability from csaf_suse - Published: 2023-02-09 11:33 - Updated: 2023-02-09 11:33
Summary
Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)
Description of the patch: This update for the Linux Kernel 5.14.21-150400_24_21 fixes several issues.
The following security issues were fixed:
- CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).
Patchnames: SUSE-2023-331,SUSE-SLE-Module-Live-Patching-15-SP4-2023-331
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2022-2602: 7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
CVE-2022-3424: 7.0 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
CVE-2022-4379: 7.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150400_24_21 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373).\n- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167).\n- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-331,SUSE-SLE-Module-Live-Patching-15-SP4-2023-331",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0331-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0331-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230331-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0331-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013714.html"
},
{
"category": "self",
"summary": "SUSE Bug 1204167",
"url": "https://bugzilla.suse.com/1204167"
},
{
"category": "self",
"summary": "SUSE Bug 1205186",
"url": "https://bugzilla.suse.com/1205186"
},
{
"category": "self",
"summary": "SUSE Bug 1206373",
"url": "https://bugzilla.suse.com/1206373"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2602 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3424 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4379 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4379/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)",
"tracking": {
"current_release_date": "2023-02-09T11:33:57Z",
"generator": {
"date": "2023-02-09T11:33:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0331-1",
"initial_release_date": "2023-02-09T11:33:57Z",
"revision_history": [
{
"date": "2023-02-09T11:33:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2602"
}
],
"notes": [
{
"category": "general",
"text": "io_uring UAF, Unix SCM garbage collection",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2602",
"url": "https://www.suse.com/security/cve/CVE-2022-2602"
},
{
"category": "external",
"summary": "SUSE Bug 1204228 for CVE-2022-2602",
"url": "https://bugzilla.suse.com/1204228"
},
{
"category": "external",
"summary": "SUSE Bug 1205186 for CVE-2022-2602",
"url": "https://bugzilla.suse.com/1205186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-02-09T11:33:57Z",
"details": "important"
}
],
"title": "CVE-2022-2602"
},
{
"cve": "CVE-2022-3424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3424"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux kernel\u0027s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3424",
"url": "https://www.suse.com/security/cve/CVE-2022-3424"
},
{
"category": "external",
"summary": "SUSE Bug 1204166 for CVE-2022-3424",
"url": "https://bugzilla.suse.com/1204166"
},
{
"category": "external",
"summary": "SUSE Bug 1204167 for CVE-2022-3424",
"url": "https://bugzilla.suse.com/1204167"
},
{
"category": "external",
"summary": "SUSE Bug 1208044 for CVE-2022-3424",
"url": "https://bugzilla.suse.com/1208044"
},
{
"category": "external",
"summary": "SUSE Bug 1212309 for CVE-2022-3424",
"url": "https://bugzilla.suse.com/1212309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-02-09T11:33:57Z",
"details": "important"
}
],
"title": "CVE-2022-3424"
},
{
"cve": "CVE-2022-4379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4379"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4379",
"url": "https://www.suse.com/security/cve/CVE-2022-4379"
},
{
"category": "external",
"summary": "SUSE Bug 1206209 for CVE-2022-4379",
"url": "https://bugzilla.suse.com/1206209"
},
{
"category": "external",
"summary": "SUSE Bug 1206373 for CVE-2022-4379",
"url": "https://bugzilla.suse.com/1206373"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-02-09T11:33:57Z",
"details": "important"
}
],
"title": "CVE-2022-4379"
}
]
}
WID-SEC-W-2022-2324
Vulnerability from csaf_certbund - Published: 2022-12-13 23:00 - Updated: 2023-06-06 22:00
Summary
Linux Kernel: Schwachstelle ermöglicht Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff: Ein entfernter Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
Es besteht eine Schwachstelle im Linux-Kernel aufgrund eines use-after-free in "__nfs42_ssc_open()" des NFS-Subsystems. Ein entfernter Angreifer kann dies ausnutzen, um einen Denial of Service-Zustand auszulösen.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Debian Linux (Debian) | `cpe:/o:debian:debian_linux:-` | — | |
| SUSE Linux (SUSE) | `cpe:/o:suse:suse_linux:-` | — | |
| Red Hat Enterprise Linux (Red Hat) | `cpe:/o:redhat:enterprise_linux:-` | — | |
| Ubuntu Linux (Ubuntu) | `cpe:/o:canonical:ubuntu_linux:-` | — | |
| IBM Spectrum Protect 10.1 (IBM) | `cpe:/a:ibm:spectrum_protect:10.1` | — | |
| Amazon Linux 2 (Amazon) | `cpe:/o:amazon:linux_2:-` | — | |
| NetApp ActiveIQ Unified Manager (NetApp) | `cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~` | — | |
| Oracle Linux (Oracle) | `cpe:/o:oracle:linux:-` | — | |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Open Source Linux Kernel <= 6.1 (Open Source) | `cpe:/o:linux:linux_kernel:6.1` | — | |
References
38 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2324 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2324.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2324 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2324"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2023-126 vom 2023-06-06",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2023-126.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2023-127 vom 2023-06-06",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2023-127.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2023-125 vom 2023-06-06",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2023-125.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3404 vom 2023-05-03",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2023-016 vom 2023-04-18",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2023-016.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2023-029 vom 2023-04-18",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2023-029.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1435 vom 2023-03-23",
"url": "https://access.redhat.com/errata/RHSA-2023:1435"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5962-1 vom 2023-03-16",
"url": "https://ubuntu.com/security/notices/USN-5962-1"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6963936 vom 2023-03-16",
"url": "https://www.ibm.com/support/pages/node/6963936"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5950-1 vom 2023-03-14",
"url": "https://ubuntu.com/security/notices/USN-5950-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1203 vom 2023-03-14",
"url": "https://access.redhat.com/errata/RHSA-2023:1203"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1202 vom 2023-03-14",
"url": "https://access.redhat.com/errata/RHSA-2023:1202"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5941-1 vom 2023-03-09",
"url": "https://ubuntu.com/security/notices/USN-5941-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5938-1 vom 2023-03-08",
"url": "https://ubuntu.com/security/notices/USN-5938-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5935-1 vom 2023-03-07",
"url": "https://ubuntu.com/security/notices/USN-5935-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5929-1 vom 2023-03-07",
"url": "https://ubuntu.com/security/notices/USN-5929-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5913-1 vom 2023-03-03",
"url": "https://ubuntu.com/security/notices/USN-5913-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5912-1 vom 2023-03-03",
"url": "https://ubuntu.com/security/notices/USN-5912-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5915-1 vom 2023-03-03",
"url": "https://ubuntu.com/security/notices/USN-5915-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5911-1 vom 2023-03-03",
"url": "https://ubuntu.com/security/notices/USN-5911-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5914-1 vom 2023-03-03",
"url": "https://ubuntu.com/security/notices/USN-5914-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-0951 vom 2023-03-01",
"url": "http://linux.oracle.com/errata/ELSA-2023-0951.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1008 vom 2023-02-28",
"url": "https://access.redhat.com/errata/RHSA-2023:1008"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0979 vom 2023-02-28",
"url": "https://access.redhat.com/errata/RHSA-2023:0979"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0951 vom 2023-02-28",
"url": "https://access.redhat.com/errata/RHSA-2023:0951"
},
{
"category": "external",
"summary": "Mailing list OSS Security vom 2022-12-14",
"url": "https://seclists.org/oss-sec/2022/q4/185"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0146-1 vom 2023-01-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013527.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0147-1 vom 2023-01-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013528.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0149-1 vom 2023-01-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013529.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0273-1 vom 2023-02-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013630.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0270-1 vom 2023-02-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013634.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0277-1 vom 2023-02-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013637.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0280-1 vom 2023-02-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013639.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0331-1 vom 2023-02-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013714.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0320-1 vom 2023-02-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013702.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20230223-0004 vom 2023-02-23",
"url": "https://security.netapp.com/advisory/ntap-20230223-0004/"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2023-06-06T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:39:59.022+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-2324",
"initial_release_date": "2022-12-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-12-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-01-12T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: FEDORA-2023-3FD7349F60, FEDORA-2023-F4F9182DC8"
},
{
"date": "2023-01-25T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-01-26T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-02-06T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-02-09T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-02-23T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2023-02-28T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-01T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-03-02T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-03-06T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-03-07T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-03-08T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-03-09T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-03-14T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
},
{
"date": "2023-03-16T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von IBM und Ubuntu aufgenommen"
},
{
"date": "2023-03-23T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-04-17T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-05-02T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-06-06T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Amazon aufgenommen"
}
],
"status": "final",
"version": "20"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Spectrum Protect 10.1",
"product": {
"name": "IBM Spectrum Protect 10.1",
"product_id": "T023657",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:10.1"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "658714",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel \u003c= 6.1",
"product": {
"name": "Open Source Linux Kernel \u003c= 6.1",
"product_id": "T025609",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:6.1"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-4379",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle im Linux-Kernel aufgrund eines use-after-free in \"__nfs42_ssc_open()\" des NFS-Subsystems. Ein entfernter Angreifer kann dies ausnutzen, um einen Denial of Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T023657",
"398363",
"658714",
"T004914"
],
"last_affected": [
"T025609"
]
},
"release_date": "2022-12-13T23:00:00.000+00:00",
"title": "CVE-2022-4379"
}
]
}
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.