2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2022-1652" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2022-06-02T14:15:32.930" ,
"lastModified" : "2023-03-01T20:16:17.607" ,
"vulnStatus" : "Analyzed" ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system."
} ,
{
"lang" : "es" ,
"value" : "El Kernel de Linux podr\u00eda permitir a un atacante local ejecutar c\u00f3digo arbitrario en el sistema, causado por un fallo de uso de memoria previamente liberada concurrente en la funci\u00f3n bad_flp_intr. Al ejecutar un programa especialmente dise\u00f1ado, un atacante podr\u00eda explotar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario o causar una condici\u00f3n de denegaci\u00f3n de servicio en el sistema"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 7.8 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 5.9
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C" ,
"accessVector" : "LOCAL" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "COMPLETE" ,
"integrityImpact" : "COMPLETE" ,
"availabilityImpact" : "COMPLETE" ,
"baseScore" : 7.2
} ,
"baseSeverity" : "HIGH" ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 10.0 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-416"
}
]
} ,
{
"source" : "secalert@redhat.com" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-416"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "2.6.12" ,
"versionEndExcluding" : "4.9.316" ,
"matchCriteriaId" : "69D1C236-000C-4BAD-B7A6-9393F9BB74FA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.10" ,
"versionEndExcluding" : "4.14.281" ,
"matchCriteriaId" : "EBB1A3B4-E46A-4454-A428-85CC0AC925F6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.15" ,
"versionEndExcluding" : "4.19.245" ,
"matchCriteriaId" : "239757EB-B2DF-4DD4-8EEE-97141186DA12"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.20" ,
"versionEndExcluding" : "5.4.196" ,
"matchCriteriaId" : "87FC1554-2185-4ED6-BF1C-293AA14FFC32"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.5" ,
"versionEndExcluding" : "5.10.118" ,
"matchCriteriaId" : "CA790029-5DF7-42D7-962E-C810540457A5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.11" ,
"versionEndExcluding" : "5.15.42" ,
"matchCriteriaId" : "555641B6-5319-4C13-9CC9-50B1CCF9E816"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.16" ,
"versionEndExcluding" : "5.17.10" ,
"matchCriteriaId" : "6D0772F5-6B38-4D6C-B29E-A04E7CC5CB9F"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-05-19 02:03:31 +00:00
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
2023-04-24 12:24:31 +02:00
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-05-19 02:03:31 +00:00
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"
2023-04-24 12:24:31 +02:00
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-05-19 02:03:31 +00:00
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
2023-04-24 12:24:31 +02:00
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-05-19 02:03:31 +00:00
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
2023-04-24 12:24:31 +02:00
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-05-19 02:03:31 +00:00
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
2023-04-24 12:24:31 +02:00
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-05-19 02:03:31 +00:00
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
2023-04-24 12:24:31 +02:00
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-05-19 02:03:31 +00:00
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
2023-04-24 12:24:31 +02:00
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-05-19 02:03:31 +00:00
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "56409CEC-5A1E-4450-AA42-641E459CC2AF"
2023-04-24 12:24:31 +02:00
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-05-19 02:03:31 +00:00
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8497A4C9-8474-4A62-8331-3FE862ED4098"
2023-04-24 12:24:31 +02:00
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-05-19 02:03:31 +00:00
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
2023-04-24 12:24:31 +02:00
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1832397" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Issue Tracking" ,
"Not Applicable"
]
} ,
{
"url" : "https://francozappa.github.io/about-bias/" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Not Applicable"
]
} ,
{
"url" : "https://kb.cert.org/vuls/id/647177/" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Not Applicable" ,
"Third Party Advisory" ,
"US Government Resource"
]
} ,
{
"url" : "https://security.netapp.com/advisory/ntap-20220722-0002/" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://www.debian.org/security/2022/dsa-5173" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
}
]
}
