The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.
References
Link | Resource |
---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13 | Release Notes Third Party Advisory |
https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md | Exploit Patch Third Party Advisory |
https://github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0 | Patch Third Party Advisory |
https://github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884 | Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220901-0003/ | Third Party Advisory |
https://sick.codes/sick-2022-128 | Exploit Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
04 Sep 2022, 19:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* |
|
References |
|
08 Aug 2022, 13:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | (MISC) https://sick.codes/sick-2022-128 - Exploit, Patch, Third Party Advisory | |
References | (CONFIRM) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13 - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md - Exploit, Patch, Third Party Advisory | |
References | (MISC) https://github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0 - Patch, Third Party Advisory | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CWE | NVD-CWE-noinfo |
29 Jul 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-29 14:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-36123
Mitre link : CVE-2022-36123
CVE.ORG link : CVE-2022-36123
JSON object : View
Products Affected
netapp
- h410s
- h700s_firmware
- h500s_firmware
- h410c_firmware
- h300s
- h300s_firmware
- h700s
- h500s
- h410c
- h410s_firmware
linux
- linux_kernel
CWE