CVE-2022-1184

EPSS 0.03%
Veröffentlicht 29.08.2022 15:15:10
Zuletzt bearbeitet 21.11.2024 06:40:12
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version > 2.6.12 < 4.9.138

Linux ≫ Linux Kernel Version > 4.14 < 4.14.283

Linux ≫ Linux Kernel Version > 4.19 < 4.19.247

Linux ≫ Linux Kernel Version > 5.4 < 5.4.198

Linux ≫ Linux Kernel Version > 5.10 < 5.10.121

Linux ≫ Linux Kernel Version > 5.15 < 5.15.46

Linux ≫ Linux Kernel Version > 5.17 < 5.17.14

Linux ≫ Linux Kernel Version > 5.18 < 5.18.3

Linux ≫ Linux Kernel Version2.6.12 Update-

Linux ≫ Linux Kernel Version2.6.12 Updaterc2

Linux ≫ Linux Kernel Version2.6.12 Updaterc3

Linux ≫ Linux Kernel Version2.6.12 Updaterc4

Linux ≫ Linux Kernel Version2.6.12 Updaterc5

Linux ≫ Linux Kernel Version2.6.12 Updaterc6

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version18.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.067

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2022/dsa-5257

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2022-1184

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2070205

Third Party Advisory

Issue Tracking

https://ubuntu.com/security/CVE-2022-1184

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-1184

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1184

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1184

EUVD