CVE-2022-50280 (GCVE-0-2022-50280)

Vulnerability from cvelistv5 – Published: 2025-09-15 14:21 – Updated: 2026-05-23 15:24
VLAI
Title
pnode: terminate at peers of source
Summary
In the Linux kernel, the following vulnerability has been resolved: pnode: terminate at peers of source The propagate_mnt() function handles mount propagation when creating mounts and propagates the source mount tree @source_mnt to all applicable nodes of the destination propagation mount tree headed by @dest_mnt. Unfortunately it contains a bug where it fails to terminate at peers of @source_mnt when looking up copies of the source mount that become masters for copies of the source mount tree mounted on top of slaves in the destination propagation tree causing a NULL dereference. Once the mechanics of the bug are understood it's easy to trigger. Because of unprivileged user namespaces it is available to unprivileged users. While fixing this bug we've gotten confused multiple times due to unclear terminology or missing concepts. So let's start this with some clarifications: * The terms "master" or "peer" denote a shared mount. A shared mount belongs to a peer group. * A peer group is a set of shared mounts that propagate to each other. They are identified by a peer group id. The peer group id is available in @shared_mnt->mnt_group_id. Shared mounts within the same peer group have the same peer group id. The peers in a peer group can be reached via @shared_mnt->mnt_share. * The terms "slave mount" or "dependent mount" denote a mount that receives propagation from a peer in a peer group. IOW, shared mounts may have slave mounts and slave mounts have shared mounts as their master. Slave mounts of a given peer in a peer group are listed on that peers slave list available at @shared_mnt->mnt_slave_list. * The term "master mount" denotes a mount in a peer group. IOW, it denotes a shared mount or a peer mount in a peer group. The term "master mount" - or "master" for short - is mostly used when talking in the context of slave mounts that receive propagation from a master mount. A master mount of a slave identifies the closest peer group a slave mount receives propagation from. The master mount of a slave can be identified via @slave_mount->mnt_master. Different slaves may point to different masters in the same peer group. * Multiple peers in a peer group can have non-empty ->mnt_slave_lists. Non-empty ->mnt_slave_lists of peers don't intersect. Consequently, to ensure all slave mounts of a peer group are visited the ->mnt_slave_lists of all peers in a peer group have to be walked. * Slave mounts point to a peer in the closest peer group they receive propagation from via @slave_mnt->mnt_master (see above). Together with these peers they form a propagation group (see below). The closest peer group can thus be identified through the peer group id @slave_mnt->mnt_master->mnt_group_id of the peer/master that a slave mount receives propagation from. * A shared-slave mount is a slave mount to a peer group pg1 while also a peer in another peer group pg2. IOW, a peer group may receive propagation from another peer group. If a peer group pg1 is a slave to another peer group pg2 then all peers in peer group pg1 point to the same peer in peer group pg2 via ->mnt_master. IOW, all peers in peer group pg1 appear on the same ->mnt_slave_list. IOW, they cannot be slaves to different peer groups. * A pure slave mount is a slave mount that is a slave to a peer group but is not a peer in another peer group. * A propagation group denotes the set of mounts consisting of a single peer group pg1 and all slave mounts and shared-slave mounts that point to a peer in that peer group via ->mnt_master. IOW, all slave mounts such that @slave_mnt->mnt_master->mnt_group_id is equal to @shared_mnt->mnt_group_id. The concept of a propagation group makes it easier to talk about a single propagation level in a propagation tree. For example, in propagate_mnt() the immediate peers of @dest_mnt and all slaves of @dest_mnt's peer group form a propagation group pr ---truncated---
Severity
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 , < cad0d17fb2b0540180ab59e2cd48ad348cc1ee4c (git)
Affected: f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 , < cc997490be65da0af8c75a6244fc80bb66c53ce0 (git)
Affected: f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 , < 7f57df69de7f05302fad584eb8e3f34de39e0311 (git)
Affected: f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 , < 2dae4211b579ce98985876a73a78466e285238ff (git)
Affected: f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 , < b591b2919d018ef91b4a9571edca94105bcad3df (git)
Affected: f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 , < c24cc476acd8bccb5af54849aac5e779d8223bf5 (git)
Affected: f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 , < e7c9f10c44a8919cd8bbd51b228c84d0caf7d518 (git)
Affected: f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 , < 784a4f995ee24460aa72e00b085612fad57ebce5 (git)
Affected: f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 , < 11933cf1d91d57da9e5c53822a540bbdc2656c16 (git)
Affected: fc7b1646bf29f722277bdd19551e01420ce9da8f (git)
Affected: 3.14.3 , < 3.15 (semver)
Create a notification for this product.
Linux Linux Affected: 3.15
Unaffected: 0 , < 3.15 (semver)
Unaffected: 4.9.337 , ≤ 4.9.* (semver)
Unaffected: 4.14.303 , ≤ 4.14.* (semver)
Unaffected: 4.19.270 , ≤ 4.19.* (semver)
Unaffected: 5.4.229 , ≤ 5.4.* (semver)
Unaffected: 5.10.163 , ≤ 5.10.* (semver)
Unaffected: 5.15.87 , ≤ 5.15.* (semver)
Unaffected: 6.0.17 , ≤ 6.0.* (semver)
Unaffected: 6.1.3 , ≤ 6.1.* (semver)
Unaffected: 6.2 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/pnode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cad0d17fb2b0540180ab59e2cd48ad348cc1ee4c",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "lessThan": "cc997490be65da0af8c75a6244fc80bb66c53ce0",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "lessThan": "7f57df69de7f05302fad584eb8e3f34de39e0311",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "lessThan": "2dae4211b579ce98985876a73a78466e285238ff",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "lessThan": "b591b2919d018ef91b4a9571edca94105bcad3df",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "lessThan": "c24cc476acd8bccb5af54849aac5e779d8223bf5",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "lessThan": "e7c9f10c44a8919cd8bbd51b228c84d0caf7d518",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "lessThan": "784a4f995ee24460aa72e00b085612fad57ebce5",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "lessThan": "11933cf1d91d57da9e5c53822a540bbdc2656c16",
              "status": "affected",
              "version": "f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "fc7b1646bf29f722277bdd19551e01420ce9da8f",
              "versionType": "git"
            },
            {
              "lessThan": "3.15",
              "status": "affected",
              "version": "3.14.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/pnode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.15"
            },
            {
              "lessThan": "3.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.337",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.303",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.337",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.303",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.270",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.229",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.163",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.87",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.17",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.3",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.14.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npnode: terminate at peers of source\n\nThe propagate_mnt() function handles mount propagation when creating\nmounts and propagates the source mount tree @source_mnt to all\napplicable nodes of the destination propagation mount tree headed by\n@dest_mnt.\n\nUnfortunately it contains a bug where it fails to terminate at peers of\n@source_mnt when looking up copies of the source mount that become\nmasters for copies of the source mount tree mounted on top of slaves in\nthe destination propagation tree causing a NULL dereference.\n\nOnce the mechanics of the bug are understood it\u0027s easy to trigger.\nBecause of unprivileged user namespaces it is available to unprivileged\nusers.\n\nWhile fixing this bug we\u0027ve gotten confused multiple times due to\nunclear terminology or missing concepts. So let\u0027s start this with some\nclarifications:\n\n* The terms \"master\" or \"peer\" denote a shared mount. A shared mount\n  belongs to a peer group.\n\n* A peer group is a set of shared mounts that propagate to each other.\n  They are identified by a peer group id. The peer group id is available\n  in @shared_mnt-\u003emnt_group_id.\n  Shared mounts within the same peer group have the same peer group id.\n  The peers in a peer group can be reached via @shared_mnt-\u003emnt_share.\n\n* The terms \"slave mount\" or \"dependent mount\" denote a mount that\n  receives propagation from a peer in a peer group. IOW, shared mounts\n  may have slave mounts and slave mounts have shared mounts as their\n  master. Slave mounts of a given peer in a peer group are listed on\n  that peers slave list available at @shared_mnt-\u003emnt_slave_list.\n\n* The term \"master mount\" denotes a mount in a peer group. IOW, it\n  denotes a shared mount or a peer mount in a peer group. The term\n  \"master mount\" - or \"master\" for short - is mostly used when talking\n  in the context of slave mounts that receive propagation from a master\n  mount. A master mount of a slave identifies the closest peer group a\n  slave mount receives propagation from. The master mount of a slave can\n  be identified via @slave_mount-\u003emnt_master. Different slaves may point\n  to different masters in the same peer group.\n\n* Multiple peers in a peer group can have non-empty -\u003emnt_slave_lists.\n  Non-empty -\u003emnt_slave_lists of peers don\u0027t intersect. Consequently, to\n  ensure all slave mounts of a peer group are visited the\n  -\u003emnt_slave_lists of all peers in a peer group have to be walked.\n\n* Slave mounts point to a peer in the closest peer group they receive\n  propagation from via @slave_mnt-\u003emnt_master (see above). Together with\n  these peers they form a propagation group (see below). The closest\n  peer group can thus be identified through the peer group id\n  @slave_mnt-\u003emnt_master-\u003emnt_group_id of the peer/master that a slave\n  mount receives propagation from.\n\n* A shared-slave mount is a slave mount to a peer group pg1 while also\n  a peer in another peer group pg2. IOW, a peer group may receive\n  propagation from another peer group.\n\n  If a peer group pg1 is a slave to another peer group pg2 then all\n  peers in peer group pg1 point to the same peer in peer group pg2 via\n  -\u003emnt_master. IOW, all peers in peer group pg1 appear on the same\n  -\u003emnt_slave_list. IOW, they cannot be slaves to different peer groups.\n\n* A pure slave mount is a slave mount that is a slave to a peer group\n  but is not a peer in another peer group.\n\n* A propagation group denotes the set of mounts consisting of a single\n  peer group pg1 and all slave mounts and shared-slave mounts that point\n  to a peer in that peer group via -\u003emnt_master. IOW, all slave mounts\n  such that @slave_mnt-\u003emnt_master-\u003emnt_group_id is equal to\n  @shared_mnt-\u003emnt_group_id.\n\n  The concept of a propagation group makes it easier to talk about a\n  single propagation level in a propagation tree.\n\n  For example, in propagate_mnt() the immediate peers of @dest_mnt and\n  all slaves of @dest_mnt\u0027s peer group form a propagation group pr\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:24:06.223Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cad0d17fb2b0540180ab59e2cd48ad348cc1ee4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/cc997490be65da0af8c75a6244fc80bb66c53ce0"
        },
        {
          "url": "https://git.kernel.org/stable/c/7f57df69de7f05302fad584eb8e3f34de39e0311"
        },
        {
          "url": "https://git.kernel.org/stable/c/2dae4211b579ce98985876a73a78466e285238ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/b591b2919d018ef91b4a9571edca94105bcad3df"
        },
        {
          "url": "https://git.kernel.org/stable/c/c24cc476acd8bccb5af54849aac5e779d8223bf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/e7c9f10c44a8919cd8bbd51b228c84d0caf7d518"
        },
        {
          "url": "https://git.kernel.org/stable/c/784a4f995ee24460aa72e00b085612fad57ebce5"
        },
        {
          "url": "https://git.kernel.org/stable/c/11933cf1d91d57da9e5c53822a540bbdc2656c16"
        }
      ],
      "title": "pnode: terminate at peers of source",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50280",
    "datePublished": "2025-09-15T14:21:16.891Z",
    "dateReserved": "2025-09-15T13:58:00.976Z",
    "dateUpdated": "2026-05-23T15:24:06.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-50280",
      "date": "2026-06-05",
      "epss": "0.0002",
      "percentile": "0.05791"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-50280\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-09-15T15:15:39.067\",\"lastModified\":\"2025-12-04T14:55:40.777\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\npnode: terminate at peers of source\\n\\nThe propagate_mnt() function handles mount propagation when creating\\nmounts and propagates the source mount tree @source_mnt to all\\napplicable nodes of the destination propagation mount tree headed by\\n@dest_mnt.\\n\\nUnfortunately it contains a bug where it fails to terminate at peers of\\n@source_mnt when looking up copies of the source mount that become\\nmasters for copies of the source mount tree mounted on top of slaves in\\nthe destination propagation tree causing a NULL dereference.\\n\\nOnce the mechanics of the bug are understood it\u0027s easy to trigger.\\nBecause of unprivileged user namespaces it is available to unprivileged\\nusers.\\n\\nWhile fixing this bug we\u0027ve gotten confused multiple times due to\\nunclear terminology or missing concepts. So let\u0027s start this with some\\nclarifications:\\n\\n* The terms \\\"master\\\" or \\\"peer\\\" denote a shared mount. A shared mount\\n  belongs to a peer group.\\n\\n* A peer group is a set of shared mounts that propagate to each other.\\n  They are identified by a peer group id. The peer group id is available\\n  in @shared_mnt-\u003emnt_group_id.\\n  Shared mounts within the same peer group have the same peer group id.\\n  The peers in a peer group can be reached via @shared_mnt-\u003emnt_share.\\n\\n* The terms \\\"slave mount\\\" or \\\"dependent mount\\\" denote a mount that\\n  receives propagation from a peer in a peer group. IOW, shared mounts\\n  may have slave mounts and slave mounts have shared mounts as their\\n  master. Slave mounts of a given peer in a peer group are listed on\\n  that peers slave list available at @shared_mnt-\u003emnt_slave_list.\\n\\n* The term \\\"master mount\\\" denotes a mount in a peer group. IOW, it\\n  denotes a shared mount or a peer mount in a peer group. The term\\n  \\\"master mount\\\" - or \\\"master\\\" for short - is mostly used when talking\\n  in the context of slave mounts that receive propagation from a master\\n  mount. A master mount of a slave identifies the closest peer group a\\n  slave mount receives propagation from. The master mount of a slave can\\n  be identified via @slave_mount-\u003emnt_master. Different slaves may point\\n  to different masters in the same peer group.\\n\\n* Multiple peers in a peer group can have non-empty -\u003emnt_slave_lists.\\n  Non-empty -\u003emnt_slave_lists of peers don\u0027t intersect. Consequently, to\\n  ensure all slave mounts of a peer group are visited the\\n  -\u003emnt_slave_lists of all peers in a peer group have to be walked.\\n\\n* Slave mounts point to a peer in the closest peer group they receive\\n  propagation from via @slave_mnt-\u003emnt_master (see above). Together with\\n  these peers they form a propagation group (see below). The closest\\n  peer group can thus be identified through the peer group id\\n  @slave_mnt-\u003emnt_master-\u003emnt_group_id of the peer/master that a slave\\n  mount receives propagation from.\\n\\n* A shared-slave mount is a slave mount to a peer group pg1 while also\\n  a peer in another peer group pg2. IOW, a peer group may receive\\n  propagation from another peer group.\\n\\n  If a peer group pg1 is a slave to another peer group pg2 then all\\n  peers in peer group pg1 point to the same peer in peer group pg2 via\\n  -\u003emnt_master. IOW, all peers in peer group pg1 appear on the same\\n  -\u003emnt_slave_list. IOW, they cannot be slaves to different peer groups.\\n\\n* A pure slave mount is a slave mount that is a slave to a peer group\\n  but is not a peer in another peer group.\\n\\n* A propagation group denotes the set of mounts consisting of a single\\n  peer group pg1 and all slave mounts and shared-slave mounts that point\\n  to a peer in that peer group via -\u003emnt_master. IOW, all slave mounts\\n  such that @slave_mnt-\u003emnt_master-\u003emnt_group_id is equal to\\n  @shared_mnt-\u003emnt_group_id.\\n\\n  The concept of a propagation group makes it easier to talk about a\\n  single propagation level in a propagation tree.\\n\\n  For example, in propagate_mnt() the immediate peers of @dest_mnt and\\n  all slaves of @dest_mnt\u0027s peer group form a propagation group pr\\n---truncated---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.14.3\",\"versionEndExcluding\":\"4.9.337\",\"matchCriteriaId\":\"3923A78F-3D68-4A7A-9C1C-B598E6F7500F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.10\",\"versionEndExcluding\":\"4.14.303\",\"matchCriteriaId\":\"1E7450AD-4739-46F0-B81B-C02E7B35A97B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15\",\"versionEndExcluding\":\"4.19.270\",\"matchCriteriaId\":\"AE8904A3-99BE-4E49-9682-1F90A6373F4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.229\",\"matchCriteriaId\":\"A0C0D95E-414A-445E-941B-3EF6A4D3A093\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.163\",\"matchCriteriaId\":\"D05D31FC-BD74-4F9E-B1D8-9CED62BE6F65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.87\",\"matchCriteriaId\":\"7B9E5B1C-CD46-4790-9500-615863850401\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.0.17\",\"matchCriteriaId\":\"05B2AE8A-556C-47C1-9119-DBAC5EB60947\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1\",\"versionEndExcluding\":\"6.1.3\",\"matchCriteriaId\":\"70594F60-3413-4969-AFD7-965266760EA6\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/11933cf1d91d57da9e5c53822a540bbdc2656c16\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2dae4211b579ce98985876a73a78466e285238ff\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/784a4f995ee24460aa72e00b085612fad57ebce5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7f57df69de7f05302fad584eb8e3f34de39e0311\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b591b2919d018ef91b4a9571edca94105bcad3df\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c24cc476acd8bccb5af54849aac5e779d8223bf5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cad0d17fb2b0540180ab59e2cd48ad348cc1ee4c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cc997490be65da0af8c75a6244fc80bb66c53ce0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e7c9f10c44a8919cd8bbd51b228c84d0caf7d518\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.