Bug 2055206 (CVE-2022-0646)
Summary: | CVE-2022-0646 kernel: uaf bug in mctp-serial.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sandipan Roy <saroy> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, bdettelb, bhu, brdeoliv, bskeggs, chwhite, crwood, dhoward, dvlasenk, fhrbata, fpacheco, hdegoede, hkrzesin, jarod, jarodwilson, jburrell, jeremy, jfaracco, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jshortt, jstancek, jwboyer, jwyatt, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, lzampier, masami256, mchehab, mleitner, nmurray, ptalbert, qzhao, rvrbovsk, scweaver, steved, vkumar, walters, williams, zulinx86 |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A use-after-free flaw was found in the Linux kernel’s Management Component Transport Protocol (MCTP) subsystem in the way a user triggers cancel_work_sync after the unregister_netdev during the removal of the device. This flaw allows a local user to crash or escalate their privileges on the system.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2022-03-02 21:33:08 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2055282, 2055285, 2055286 | ||
Bug Blocks: | 2055207 |
Description
Sandipan Roy
2022-02-16 13:24:36 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2055282] Services notaffected per kernel analysis. The MCTP_SERIAL driver came in during the 5.17 merge window and was defaulted to off, so it has not been turned on for any Fedora kernel build just yet. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-0646 |