2115342 – (CVE-2022-36123) CVE-2022-36123 kernel: lacks a certain clear operation for the block starting symbol (.bss) cause a denial of service or gain privileges

Bug 2115342 (CVE-2022-36123) - CVE-2022-36123 kernel: lacks a certain clear operation for the block starting symbol (.bss) cause a denial of service or gain privileges

Summary: CVE-2022-36123 kernel: lacks a certain clear operation for the block starting...

Keywords:
Status:	NEW
Alias:	CVE-2022-36123
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2116139 2116140 2116141
Blocks:	2112774
TreeView+	depends on / blocked

Reported:	2022-08-04 13:05 UTC by Alex
Modified:	2023-09-19 14:13 UTC (History)
CC List:	48 users (show)
Fixed In Version:	Linux kernel 5.19-rc8
Doc Type:	If docs needed, set a value
Doc Text:	A memory access flaw was found in the Linux kernel’s XEN hypervisor for the virtual machine. This flaw allows a local user to crash the system or potentially escalate their privileges on the system.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Alex 2022-08-04 13:05:20 UTC

A flaw in Linux Kernel found in XEN (that is hypervisor for virtual machine execution that is alternative to the KVM, Kernel-based Virtual Machine).
The block starting symbol (.bss) where statically allocated variables in the .bss may not be cleared correctly, affecting XenPV guests, leading to an asm_exc_page_fault, or arbitrary code execution.
An unprivileged local attacker on the host, or guest, may potentially use this flaw.
The vulnerability is actual for the Linux kernel mainline v5.18-rc1 through v5.19-rc7.


Reference:
https://github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884

Additional references:
https://github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0
https://github.com/torvalds/linux/commit/fa1f57421e0b1c57843902c89728f823abc32f02
https://github.com/torvalds/linux/commit/8b87d8cec1b31ea710568ae49ba5f5146318da0d

Comment 2 Alex 2022-08-07 12:53:46 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2116139]

Comment 4 Justin M. Forbes 2022-08-11 12:54:35 UTC

This was fixed for Fedora with the 5.18.13 stable kernel updates.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
bdettelb
bhu
brdeoliv
chwhite
crwood
ddepaula
debarbos
dvlasenk
hdegoede
hkrzesin
hpa
jarod
jarodwilson
jburrell
jfaracco
jferlan
jforbes
jglisse
jlelli
joe.lawrence
jonathan
josef
jshortt
jstancek
jwboyer
jwyatt
kcarcia
kernel-maint
kernel-mgr
lgoncalv
linville
lzampier
masami256
mchehab
nmurray
ptalbert
qzhao
rvrbovsk
scweaver
steved
tyberry
vkumar
walters
williams