CVE-2022-36123
Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 29 Jul 2022, 13:43
Last modified:03 Aug 2024, 10:00
Vulnerability Summary
Overall Risk (default)
medium
41/100 CVSS Score
7.8 HIGH
v3.1 (nvd)
EPSS Score
0.03% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
2 found
Dark Web
Not detected
Timeline
29 Jul 2022, 13:43
Published
Vulnerability first disclosed
03 Aug 2024, 10:00
Last Modified
Vulnerability information updated
Description
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.
CVSS Metrics
- v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Trends
Current EPSS score: 0.03%• Percentile: 8%
Affected Systems
- linux•linux_kernel
< 5.18.13
- netapp•h300s_firmware
na
- netapp•h410c_firmware
na
- netapp•h410s_firmware
na
- netapp•h500s_firmware
na
- netapp•h700s_firmware
na
References (6)
- https://sick.codes/sick-2022-128
- https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13
- https://github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884
- https://github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0
- https://security.netapp.com/advisory/ntap-20220901-0003/