Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-0171

Опубликовано: 21 апр. 2022
Источник: redhat
CVSS3: 4.7
EPSS Низкий

Описание

A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).

Отчет

This flaw does not affect the versions of the kernel packages as shipped with Red Hat Enterprise Linux 6 and 7, as they did not include support for SEV. Red Hat Enterprise Linux 8 currently provides SEV as a Technology Preview. Using SEV in a production environment is discouraged. For additional details please see https://access.redhat.com/articles/4491591 and https://access.redhat.com/support/offerings/techpreview.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelAffected
Red Hat Enterprise Linux 8kernel-rtAffected
Red Hat Enterprise Linux 9kernelAffected
Red Hat Enterprise Linux 9kernel-rtAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-212
https://bugzilla.redhat.com/show_bug.cgi?id=2038940kernel: KVM: cache incoherence issue in SEV API may lead to kernel crash

EPSS

Процентиль: 11%
0.00039
Низкий

4.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-0171

CVSS3: 5.5
ubuntu
больше 3 лет назад

A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).

nvd логотип

CVE-2022-0171

CVSS3: 5.5
nvd
больше 3 лет назад

A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).

msrc логотип

CVE-2022-0171

CVSS3: 5.5
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2022-0171

CVSS3: 5.5
debian
больше 3 лет назад

A flaw was found in the Linux kernel. The existing KVM SEV API has a v ...

github логотип

GHSA-963w-7frp-mf37

CVSS3: 5.5
github
больше 3 лет назад

A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).

EPSS

Процентиль: 11%
0.00039
Низкий

4.7 Medium

CVSS3

Уязвимость CVE-2022-0171