Bug 2063786 (CVE-2022-0995) - CVE-2022-0995 kernel: kernel bug in the watch_queue subsystem
Summary: CVE-2022-0995 kernel: kernel bug in the watch_queue subsystem
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-0995
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2063758 2064545 2064546 2064547 2064548 2064549
Blocks: 2063781 2064720
Reported: 2022-03-14 11:43 UTC by Sandipan Roy
Modified: 2023-01-25 05:40 UTC

Fixed In Version: kernel 5.17 rc8
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.
Clone Of:
Environment:
Last Closed: 2022-05-17 12:17:02 UTC
Embargoed:



Description Sandipan Roy 2022-03-14 11:43:23 UTC
The watch_queue event notification subsystem in the kernel has a couple of out of bounds writes that can be triggered by any user.  These can be used to overwrite parts of the kernel state, potentially allowing the user to gain privileged access to or panic the system.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb

Comment 3 Rohit Keshri 2022-03-16 07:14:16 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2064549]

Comment 9 Product Security DevOps Team 2022-05-17 12:16:59 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-0995

Comment 10 Roxana Bradescu 2022-09-16 05:14:08 UTC
Was just looking at CVE-2022-0995 and noticed that the CVSS vector on the Red Hat site is correct (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) but it is wrong in NVD (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
It's a High severity vulnerability either way but we feel that making sure that everyone realizes the impact includes Integrity is important. Is there a way that Red Hat can push an update to NVD? Thanks!!

Comment 11 Rohit Keshri 2023-01-25 05:40:27 UTC
Thank you, CVSS was corrected on the NVD.

