CVE-2022-1678

Опубликовано: 25 мая 2022

Источник: nvd

CVSS3: 5.9

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.

Ссылки

https://anas.openanolis.cn/cves/detail/CVE-2022-1678
Third Party Advisory
https://anas.openanolis.cn/errata/detail/ANSA-2022:0143
Third Party Advisory
https://bugzilla.openanolis.cn/show_bug.cgi?id=61
Issue Tracking
Patch
Third Party Advisory
https://gitee.com/anolis/cloud-kernel/commit/bed537da691b
Permissions Required
https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a
Patch
Third Party Advisory
https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/
https://security.netapp.com/advisory/ntap-20220715-0001/
Third Party Advisory
https://anas.openanolis.cn/cves/detail/CVE-2022-1678
Third Party Advisory
https://anas.openanolis.cn/errata/detail/ANSA-2022:0143
Third Party Advisory
https://bugzilla.openanolis.cn/show_bug.cgi?id=61
Issue Tracking
Patch
Third Party Advisory
https://gitee.com/anolis/cloud-kernel/commit/bed537da691b
Permissions Required
https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a
Patch
Third Party Advisory
https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/
https://security.netapp.com/advisory/ntap-20220715-0001/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.18 (включая) до 4.19 (включая)

Конфигурация 2

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*

Версия от 11.0 (включая) до 11.70.2 (включая)

cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Конфигурация 9

Одновременно

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Конфигурация 10

Одновременно

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Конфигурация 11

Одновременно

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.0152

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-911

NVD-CWE-Other

Связанные уязвимости

CVE-2022-1678

CVSS3: 5.9

ubuntu

больше 3 лет назад

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.

CVE-2022-1678

CVSS3: 7.5

redhat

больше 3 лет назад

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.

CVE-2022-1678

CVSS3: 5.9

debian

больше 3 лет назад

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an impr ...

GHSA-x4fc-h5x4-26gr

CVSS3: 7.5

github

больше 3 лет назад

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.

BDU:2022-03207

CVSS3: 7.5

fstec

около 4 лет назад

Уязвимость компонента TCP Pace Handler функции tcp_internal_pacing в файле net/ipv4/tcp_output.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 81%

0.0152

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-911

NVD-CWE-Other