Lucene search

[email protected]CVE-2022-1678

HistoryMay 25, 2022 - 3:15 p.m.

CVE-2022-1678

2022-05-2515:15:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

linux kernel

cve-2022-1678

security

memory leak

netns leak

remote clients

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

70.4%

JSON

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle4.19
netapp:element_softwarenetapp element softwareeq-
netapp:storagegridnetapp storagegrideq-
netapp:solidfirenetapp solidfireeq-
netapp:hci_management_nodenetapp hci management nodeeq-
netapp:active_iq_unified_managernetapp active iq unified managereq-
netapp:cloud_volumes_ontap_mediatornetapp cloud volumes ontap mediatoreq-
netapp:e-series_santricity_os_controllernetapp e-series santricity os controllerle11.70.2
netapp:bootstrap_osnetapp bootstrap oseq-
netapp:h300s_firmwarenetapp h300s firmwareeq-

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	4.19
netapp:element_software	netapp element software	eq	-
netapp:storagegrid	netapp storagegrid	eq	-
netapp:solidfire	netapp solidfire	eq	-
netapp:hci_management_node	netapp hci management node	eq	-
netapp:active_iq_unified_manager	netapp active iq unified manager	eq	-
netapp:cloud_volumes_ontap_mediator	netapp cloud volumes ontap mediator	eq	-
netapp:e-series_santricity_os_controller	netapp e-series santricity os controller	le	11.70.2
netapp:bootstrap_os	netapp bootstrap os	eq	-
netapp:h300s_firmware	netapp h300s firmware	eq	-

Rows per page:

1-10 of 171

References

anas.openanolis.cn/cves/detail/CVE-2022-1678

anas.openanolis.cn/errata/detail/ANSA-2022:0143

bugzilla.openanolis.cn/show_bug.cgi?id=61

gitee.com/anolis/cloud-kernel/commit/bed537da691b

github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a

lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/

security.netapp.com/advisory/ntap-20220715-0001/

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVE-2022-1678

prion1 ubuntucve1 redhatcve1 debiancve1 nessus8 photon1