BDU:2025-10254

Опубликовано: 09 нояб. 2022

Источник: fstec

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Уязвимость функции udf_find_entry() ядра операционной системы Linux связана с записью за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии или вызвать отказ в обслуживании

Вендор

Novell Inc.

Red Hat Inc.

Сообщество свободного программного обеспечения

Наименование ПО

Suse Linux Enterprise Desktop

SUSE Linux Enterprise Server for SAP Applications

Suse Linux Enterprise Server

Red Hat Enterprise Linux

OpenSUSE Leap

Debian GNU/Linux

openSUSE Leap Micro

SUSE Liberty Linux

Linux

Версия ПО

12 SP4 (Suse Linux Enterprise Desktop)

12 SP4 (SUSE Linux Enterprise Server for SAP Applications)

12 SP4 (Suse Linux Enterprise Server)

8 (Red Hat Enterprise Linux)

15 SP1 (SUSE Linux Enterprise Server for SAP Applications)

12 SP5 (Suse Linux Enterprise Server)

12 SP5 (SUSE Linux Enterprise Server for SAP Applications)

15-LTSS (Suse Linux Enterprise Server)

12 SP4-ESPOS (Suse Linux Enterprise Server)

12 SP4-LTSS (Suse Linux Enterprise Server)

15 SP1-BCL (Suse Linux Enterprise Server)

15 SP1-LTSS (Suse Linux Enterprise Server)

15.3 (OpenSUSE Leap)

15 SP1 (Suse Linux Enterprise Server)

11 (Debian GNU/Linux)

8.4 Extended Update Support (Red Hat Enterprise Linux)

15.4 (OpenSUSE Leap)

15 SP3 (Suse Linux Enterprise Server)

15 SP3 (SUSE Linux Enterprise Server for SAP Applications)

15 SP3 (Suse Linux Enterprise Desktop)

15 SP2 (Suse Linux Enterprise Server)

15 SP2 (SUSE Linux Enterprise Server for SAP Applications)

15 SP4 (Suse Linux Enterprise Server)

15 SP2 (Suse Linux Enterprise Desktop)

15 SP4 (Suse Linux Enterprise Desktop)

15 (Suse Linux Enterprise Server)

15 SP2-BCL (Suse Linux Enterprise Server)

15 SP4 (SUSE Linux Enterprise Server for SAP Applications)

9 (Red Hat Enterprise Linux)

15 SP2-LTSS (Suse Linux Enterprise Server)

15 SP1 (Suse Linux Enterprise Desktop)

15 (Suse Linux Enterprise Desktop)

5.2 (openSUSE Leap Micro)

5.3 (openSUSE Leap Micro)

8.2 Advanced Update Support (Red Hat Enterprise Linux)

15 SP3-LTSS (Suse Linux Enterprise Server)

15 SP3-BCL (Suse Linux Enterprise Server)

15 SP5 (SUSE Linux Enterprise Server for SAP Applications)

15 SP5 (Suse Linux Enterprise Server)

15 SP5 (Suse Linux Enterprise Desktop)

5.4 (openSUSE Leap Micro)

8.4 Advanced Mission Critical Update Support (Red Hat Enterprise Linux)

5.5 (openSUSE Leap Micro)

9 (SUSE Liberty Linux)

8.8 Extended Update Support (Red Hat Enterprise Linux)

8 (SUSE Liberty Linux)

15 SP4-LTSS (Suse Linux Enterprise Server)

9.0 Update Services for SAP Solutions (Red Hat Enterprise Linux)

8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux)

8.6 Telecommunications Update Service (Red Hat Enterprise Linux)

8.6 Advanced Mission Critical Update Support (Red Hat Enterprise Linux)

12 SP5-LTSS (Suse Linux Enterprise Server)

12 SP5 LTSS Extended Security (Suse Linux Enterprise Server)

9.4 Extended Update Support (Red Hat Enterprise Linux)

15 SP5-LTSS (Suse Linux Enterprise Server)

8.8 Telecommunications Update Service (Red Hat Enterprise Linux)

8.8 Update Services for SAP Solutions (Red Hat Enterprise Linux)

9.2 Update Services for SAP Solutions (Red Hat Enterprise Linux)

до 5.15.79 (Linux)

Тип ПО

Операционная система

Операционные системы и аппаратные платформы

Novell Inc. Suse Linux Enterprise Desktop 12 SP4

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4

Novell Inc. Suse Linux Enterprise Server 12 SP4

Red Hat Inc. Red Hat Enterprise Linux 8

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP1

Novell Inc. Suse Linux Enterprise Server 12 SP5

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5

Novell Inc. Suse Linux Enterprise Server 15-LTSS

Novell Inc. Suse Linux Enterprise Server 12 SP4-ESPOS

Novell Inc. Suse Linux Enterprise Server 12 SP4-LTSS

Novell Inc. Suse Linux Enterprise Server 15 SP1-BCL

Novell Inc. Suse Linux Enterprise Server 15 SP1-LTSS

Novell Inc. OpenSUSE Leap 15.3

Novell Inc. Suse Linux Enterprise Server 15 SP1

Сообщество свободного программного обеспечения Debian GNU/Linux 11

Red Hat Inc. Red Hat Enterprise Linux 8.4 Extended Update Support

Novell Inc. OpenSUSE Leap 15.4

Novell Inc. Suse Linux Enterprise Server 15 SP3

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3

Novell Inc. Suse Linux Enterprise Desktop 15 SP3

Novell Inc. Suse Linux Enterprise Server 15 SP2

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2

Novell Inc. Suse Linux Enterprise Server 15 SP4

Novell Inc. Suse Linux Enterprise Desktop 15 SP2

Novell Inc. Suse Linux Enterprise Desktop 15 SP4

Novell Inc. Suse Linux Enterprise Server 15

Novell Inc. Suse Linux Enterprise Server 15 SP2-BCL

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4

Red Hat Inc. Red Hat Enterprise Linux 9

Novell Inc. Suse Linux Enterprise Server 15 SP2-LTSS

Novell Inc. Suse Linux Enterprise Desktop 15 SP1

Novell Inc. Suse Linux Enterprise Desktop 15

Novell Inc. openSUSE Leap Micro 5.2

Novell Inc. openSUSE Leap Micro 5.3

Red Hat Inc. Red Hat Enterprise Linux 8.2 Advanced Update Support

Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS

Novell Inc. Suse Linux Enterprise Server 15 SP3-BCL

Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5

Novell Inc. Suse Linux Enterprise Server 15 SP5

Novell Inc. Suse Linux Enterprise Desktop 15 SP5

Novell Inc. openSUSE Leap Micro 5.4

Red Hat Inc. Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Novell Inc. openSUSE Leap Micro 5.5

Novell Inc. SUSE Liberty Linux 9

Red Hat Inc. Red Hat Enterprise Linux 8.8 Extended Update Support

Novell Inc. SUSE Liberty Linux 8

Novell Inc. Suse Linux Enterprise Server 15 SP4-LTSS

Red Hat Inc. Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Red Hat Inc. Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Red Hat Inc. Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Red Hat Inc. Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

Novell Inc. Suse Linux Enterprise Server 12 SP5-LTSS

Novell Inc. Suse Linux Enterprise Server 12 SP5 LTSS Extended Security

Red Hat Inc. Red Hat Enterprise Linux 9.4 Extended Update Support

Novell Inc. Suse Linux Enterprise Server 15 SP5-LTSS

Red Hat Inc. Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Red Hat Inc. Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Red Hat Inc. Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Сообщество свободного программного обеспечения Linux до 5.15.79

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,8)

Высокий уровень опасности (базовая оценка CVSS 3.1 составляет 7,8)

Возможные меры по устранению уязвимости

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.

Использование рекомендаций:

Для Linux:

https://git.kernel.org/stable/c/03f9582a6a2ebd25a440896475c968428c4b63e7

https://git.kernel.org/stable/c/583fdd98d94acba1e7225e5cc29063aef0741030

https://git.kernel.org/stable/c/7a6051d734f1ed0031e2216f9a538621235c11a4

https://git.kernel.org/stable/c/ac79001b8e603226fab17240a79cb9ef679d3cd9

https://git.kernel.org/stable/c/c736ed8541605e3a25075bb1cbf8f38cb3083238

https://git.kernel.org/stable/c/c8af247de385ce49afabc3bf1cf4fd455c94bfe8

https://git.kernel.org/stable/c/d8971f410739a864c537e0ac29344a7b6c450232

https://git.kernel.org/stable/c/f1517721c408631f09d54c743aa70cb07fd3eebd

https://lore.kernel.org/linux-cve-announce/2025050142-CVE-2022-49846-728c@gregkh/T/#u

Для программных продуктов Red Hat Inc.:

https://access.redhat.com/security/cve/CVE-2022-49846

Для программных продуктов Debian GNU/Linux:

https://security-tracker.debian.org/tracker/CVE-2022-49846

Для программных продуктов Novell Inc.:

https://www.suse.com/security/cve/CVE-2022-49846.html

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-49846
CVE

EPSS

Процентиль: 9%

0.00033

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Связанные уязвимости

CVE-2022-49846

CVSS3: 7.8

ubuntu

6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ================================================================== BUG: KASAN: slab-out-of-bounds in udf_find_entry+0x8a5/0x14f0 fs/udf/namei.c:253 Write of size 105 at addr ffff8880123ff896 by task syz-executor323/3610 CPU: 0 PID: 3610 Comm: syz-executor323 Not tainted 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106 print_address_description+0x74/0x340 mm/kasan/report.c:284 print_report+0x107/0x1f0 mm/kasan/report.c:395 kasan_report+0xcd/0x100 mm/kasan/report.c:495 kasan_check_range+0x2a7/0x2e0 mm/kasan/generic.c:189 memcpy+0x3c/0x60 mm/kasan/shadow.c:66 udf_find_entry+0x8a5/0x14...

CVE-2022-49846

CVSS3: 7.1

redhat

6 месяцев назад

CVE-2022-49846

CVSS3: 7.8

nvd

6 месяцев назад

CVE-2022-49846

CVSS3: 7.8

debian

6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: u ...

GHSA-79gf-mr55-pw4g

CVSS3: 7.8

github

6 месяцев назад

EPSS

Процентиль: 9%

0.00033

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2