A failing usercopy of the fence_rep object will lead to a stale entry in the file descriptor table as put_unused_fd() won't release it. This enables userland to refer to a dangling 'file' object through that still valid file descriptor, leading to all kinds of use-after-free exploitation scenarios.
Created oVirt tracking bug for this issue: Affects: oVirt Node 4.4 [ bug #2055098 ]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:0592 https://access.redhat.com/errata/RHSA-2022:0592
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:0620 https://access.redhat.com/errata/RHSA-2022:0620
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:0622 https://access.redhat.com/errata/RHSA-2022:0622
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0771 https://access.redhat.com/errata/RHSA-2022:0771
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0772 https://access.redhat.com/errata/RHSA-2022:0772
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0777 https://access.redhat.com/errata/RHSA-2022:0777
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0819 https://access.redhat.com/errata/RHSA-2022:0819
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0821 https://access.redhat.com/errata/RHSA-2022:0821
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0823 https://access.redhat.com/errata/RHSA-2022:0823
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0820 https://access.redhat.com/errata/RHSA-2022:0820
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0825 https://access.redhat.com/errata/RHSA-2022:0825
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2022:0841 https://access.redhat.com/errata/RHSA-2022:0841
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0851 https://access.redhat.com/errata/RHSA-2022:0851
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0849 https://access.redhat.com/errata/RHSA-2022:0849
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0925 https://access.redhat.com/errata/RHSA-2022:0925
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0958 https://access.redhat.com/errata/RHSA-2022:0958
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Via RHSA-2022:1103 https://access.redhat.com/errata/RHSA-2022:1103
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Red Hat Enterprise Linux 7.6 Telco Extended Update Support Via RHSA-2022:1107 https://access.redhat.com/errata/RHSA-2022:1107
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2022:1263 https://access.redhat.com/errata/RHSA-2022:1263
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions Red Hat Enterprise Linux 7.7 Telco Extended Update Support Via RHSA-2022:1324 https://access.redhat.com/errata/RHSA-2022:1324
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions Via RHSA-2022:1373 https://access.redhat.com/errata/RHSA-2022:1373
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-22942