CVE-2022-0171 — Incomplete Cleanup in Kernel

CWE-459 — Incomplete Cleanup CWE-212 — Improper Removal of Sensitive Information Before Storage or Transfer CWE-20 — Improper Input Validation15 documents10 sources

Severity

5.5MEDIUMNVD

CISA9.8

EPSS

0.0%

top 86.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Redhat Enterprise Linux

Timeline

PublishedAug 26

Latest updateJun 15

Description

A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel< 5.18+1

▶Debianlinux/linux_kernel< 5.10.149-1+3

▶Ubuntulinux/linux_kernel< 5.15.0-57.63

▶CVEListV5linux/linux_kernelFixed in kernel 5.18-rc4

Also affects: Debian Linux 10.0, 11.0, Enterprise Linux 8.0, 9.0

Patches

Patch: bugzilla.redhat.com ↗Patch: git.kernel.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

linux-gke-5.15 vulnerabilities↗2023-02-15

▶

OSV

linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde vulnerabilities↗2023-01-09

▶

OSV

linux, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, vulnerabilities↗2023-01-06

▶

GHSA

GHSA-963w-7frp-mf37: A flaw was found in the Linux kernel↗2022-08-27

▶

OSV

CVE-2022-0171: A flaw was found in the Linux kernel↗2022-08-26

▶

📋Vendor Advisories

CISA ICS

Siemens SIMATIC S7-1500 TM MFP Linux Kernel↗2023-06-15

▶

Ubuntu

Linux kernel (GKE) vulnerabilities↗2023-02-15

▶

Ubuntu

Linux kernel vulnerabilities↗2023-01-09

▶

Ubuntu

Linux kernel vulnerabilities↗2023-01-06

▶

Microsoft

▶