CVE-2022-1011

🗓️ 18 Mar 2022 00:00:00Reported by redhatType

A use-after-free flaw in the Linux kernel’s FUSE filesystem allows local user unauthorized data access, leading to privilege escalation

Reporter	Title	Published	Views	Family All 473
Tenable Nessus	Amazon Linux 2 : kernel (ALAS-2022-1793)	5 May 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel (ALAS-2024-2569)	12 Jun 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2022-012 (ALASKERNEL-5.10-2022-012)	2 May 202200:00	–	nessus
Tenable Nessus	Amazon Linux AMI : kernel (ALAS-2022-1591)	10 Jun 202200:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0029: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2022:0029)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0125: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2022:0125)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : kernel (ALSA-2022:1988)	12 May 202200:00	–	nessus
Tenable Nessus	CentOS 9 : kernel-5.14.0-347.el9	29 Feb 202400:00	–	nessus
Tenable Nessus	Debian DLA-3065-1 : linux - LTS security update	2 Jul 202200:00	–	nessus
Tenable Nessus	Debian DSA-5173-1 : linux - security update	4 Jul 202200:00	–	nessus

NVD

Vulners

Node

linux linux_kernelRange<5.17

linux linux_kernelMatch5.17-

linux linux_kernelMatch5.17rc1

linux linux_kernelMatch5.17rc2

linux linux_kernelMatch5.17rc3

linux linux_kernelMatch5.17rc4

linux linux_kernelMatch5.17rc7

Node

fedoraproject fedoraMatch34

fedoraproject fedoraMatch35

Node

redhat build_of_quarkusMatch2.0

redhat developer_toolsMatch1.0

redhat enterprise_linuxMatch6.0

redhat enterprise_linuxMatch7.0

redhat enterprise_linuxMatch8.0

redhat enterprise_linux_eusMatch8.6

redhat enterprise_linux_for_ibm_z_systemsMatch8.0

redhat enterprise_linux_for_ibm_z_systems_eusMatch8.6

redhat enterprise_linux_for_power_little_endianMatch8.0

redhat enterprise_linux_for_power_little_endian_eusMatch8.6

redhat enterprise_linux_for_real_timeMatch8

redhat enterprise_linux_for_real_time_for_nfvMatch8

redhat enterprise_linux_for_real_time_for_nfv_tusMatch8.6

redhat enterprise_linux_for_real_time_tusMatch8.6

redhat enterprise_linux_server_ausMatch8.6

redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.6

redhat enterprise_linux_server_tusMatch8.6

redhat enterprise_linux_server_update_services_for_sap_solutionsMatch8.6

Node

redhat virtualization_hostMatch4.0

AND

redhat enterprise_linuxMatch8.0

Node

redhat codeready_linux_builderMatch-

AND

redhat enterprise_linuxMatch8.0

redhat enterprise_linuxMatch8.6

redhat enterprise_linux_eusMatch8.6

redhat enterprise_linux_for_power_little_endianMatch8.0

redhat enterprise_linux_for_power_little_endian_eusMatch8.6

Node

netapp h300s_firmwareMatch-

AND

netapp h300sMatch-

Node

netapp h500s_firmwareMatch-

AND

netapp h500sMatch-

Node

netapp h700s_firmwareMatch-

AND

netapp h700sMatch-

Node

netapp h300e_firmwareMatch-

AND

netapp h300eMatch-

Node

netapp h500e_firmwareMatch-

AND

netapp h500eMatch-

Node

netapp h700e_firmwareMatch-

AND

netapp h700eMatch-

Node

netapp h410s_firmwareMatch-

AND

netapp h410sMatch-

Node

netapp h410c_firmwareMatch-

AND

netapp h410cMatch-

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

Node

oracle communications_cloud_native_core_binding_support_functionMatch22.1.3

[
  {
    "vendor": "n/a",
    "product": "kernel",
    "versions": [
      {
        "version": "Linux kernel 5.16-rc8",
        "status": "affected"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git/commit/
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
lists	www.lists.debian.org/debian-lts-announce/2022/07/msg00000.html
oracle	www.oracle.com/security-alerts/cpujul2022.html
debian	www.debian.org/security/2022/dsa-5173

21 Nov 2024 06:39Current

7.7High risk

Vulners AI Score7.7

CVSS 24.6

CVSS 3.17.8

EPSS0.00207

CWE-416