Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-48900

Опубликовано: 22 авг. 2024
Источник: redhat
CVSS3: 5.5

Описание

[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved: xen/netfront: react properly to failing gnttab_end_foreign_access_ref()

Отчет

This CVE has been rejected by the Linux kernel community. Refer to the announcement: https://lore.kernel.org/linux-cve-announce/2024082226-REJECTED-982d@gregkh/ Following issue marked as moderate with "not affected or will not fix" for Red Hat Enterprise Linux, as it is not vulnerable to this CVE. This is because the CVE does not impact the versions or configurations of the Linux kernel used in Red Hat's distributions.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 8kernelWill not fix
Red Hat Enterprise Linux 8kernel-rtWill not fix
Red Hat Enterprise Linux 9kernelWill not fix
Red Hat Enterprise Linux 9kernel-rtWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-415
https://bugzilla.redhat.com/show_bug.cgi?id=2307153kernel: xen/netfront: react properly to failing gnttab_end_foreign_access_ref()

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-48900

ubuntu
больше 1 года назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

nvd логотип

CVE-2022-48900

nvd
больше 1 года назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

github логотип

GHSA-rfcf-h5v4-mcfh

github
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: xen/netfront: react properly to failing gnttab_end_foreign_access_ref() When calling gnttab_end_foreign_access_ref() the returned value must be tested and the reaction to that value should be appropriate. In case of failure in xennet_get_responses() the reaction should not be to crash the system, but to disable the network device. The calls in setup_netfront() can be replaced by calls of gnttab_end_foreign_access(). While at it avoid double free of ring pages and grant references via xennet_disconnect_backend() in this case. This is CVE-2022-23042 / part of XSA-396. --- V2: - avoid double free V3: - remove pointless initializer (Jan Beulich)

5.5 Medium

CVSS3