CVE-2022-0171

EPSS 0.03%
Veröffentlicht 26.08.2022 18:15:08
Zuletzt bearbeitet 21.11.2024 06:38:04
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.18

Linux ≫ Linux Kernel Version5.18 Update-

Linux ≫ Linux Kernel Version5.18 Updaterc1

Linux ≫ Linux Kernel Version5.18 Updaterc2

Linux ≫ Linux Kernel Version5.18 Updaterc3

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.09

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

CWE-459 Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2022/dsa-5257

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2022-0171

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2038940

Patch

Third Party Advisory