Bug 2074208 (CVE-2022-28893) - CVE-2022-28893 kernel: use after free in SUNRPC subsystem
Summary: CVE-2022-28893 kernel: use after free in SUNRPC subsystem
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-28893
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2089427 2089428 2089429 2089430
Blocks: 2074211
TreeView+ depends on / blocked
 
Reported: 2022-04-11 19:05 UTC by Pedro Sampaio
Modified: 2024-02-08 16:51 UTC (History)
48 users (show)

Fixed In Version: kernel 5.18 rc2
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the Linux kernel’s net/sunrpc/xprt.c function in the Remote Procedure Call (SunRPC) protocol. This flaw allows a local attacker to crash the system, leading to a kernel information leak issue.
Clone Of:
Environment:
Last Closed: 2022-12-05 16:22:35 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:7444 0 None None None 2022-11-08 09:10:07 UTC
Red Hat Product Errata RHSA-2022:7683 0 None None None 2022-11-08 10:09:33 UTC
Red Hat Product Errata RHSA-2022:7933 0 None None None 2022-11-15 09:44:59 UTC
Red Hat Product Errata RHSA-2022:8267 0 None None None 2022-11-15 10:47:51 UTC
Red Hat Product Errata RHSA-2024:0724 0 None None None 2024-02-07 16:28:51 UTC

Description Pedro Sampaio 2022-04-11 19:05:49 UTC 
A use-after-free flaw was found in net/sunrpc/xprt.c in the Remote Procedure Call (SunRPC) protocol in the Linux kernel. This flaw could allow a local attacker to crash, and this may even lead to a kernel information leak problem.

References:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a
http://www.openwall.com/lists/oss-security/2022/04/11/4
http://www.openwall.com/lists/oss-security/2022/04/11/3
Comment 9 errata-xmlrpc 2022-11-08 09:10:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7444 https://access.redhat.com/errata/RHSA-2022:7444
Comment 10 errata-xmlrpc 2022-11-08 10:09:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7683 https://access.redhat.com/errata/RHSA-2022:7683
Comment 11 errata-xmlrpc 2022-11-15 09:44:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:7933 https://access.redhat.com/errata/RHSA-2022:7933
Comment 12 errata-xmlrpc 2022-11-15 10:47:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8267 https://access.redhat.com/errata/RHSA-2022:8267
Comment 13 Product Security DevOps Team 2022-12-05 16:22:31 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-28893
Comment 16 errata-xmlrpc 2024-02-07 16:28:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724
Note You need to log in before you can comment on or make changes to this bug.