Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-3649

Опубликовано: 03 окт. 2022
Источник: redhat
CVSS3: 7
EPSS Низкий

Описание

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.

A flaw was found in the NILFS2 file system implementation in the Linux kernel. If the beginning of the inode bitmap area was corrupted on disk, an inode with the same inode number as the root inode could be allocated and fail soon after. The subsequent call to nilfs_clear_inode() wrongly decremented the reference counter of struct nilfs_root, leading to a use-after-free issue. A user permitted to mount arbitrary file system images could use this flaw to cause a denial of service.

Отчет

Red Hat Enterprise Linux is not affected by this flaw as NILFS2 file system support (CONFIG_NILFS2_FS) is not enabled in any current shipping kernels.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-911->CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2140882kernel: nilfs2: use-after-free in nilfs_new_inode of fs/nilfs2/inode.c

EPSS

Процентиль: 28%
0.00099
Низкий

7 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-3649

CVSS3: 3.1
ubuntu
больше 3 лет назад

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.

nvd логотип

CVE-2022-3649

CVSS3: 3.1
nvd
больше 3 лет назад

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.

debian логотип

CVE-2022-3649

CVSS3: 3.1
debian
больше 3 лет назад

A vulnerability was found in Linux Kernel. It has been classified as p ...

github логотип

GHSA-x63h-2cwq-phxf

CVSS3: 9.8
github
больше 3 лет назад

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.

fstec логотип

BDU:2023-00631

CVSS3: 7
fstec
больше 3 лет назад

Уязвимость функции nilfs_new_inode компонента BPF ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 28%
0.00099
Низкий

7 High

CVSS3