CVE-2022-0516Sensitive Information Exposure in Kernel

CWE-200Sensitive Information ExposureCWE-787Out-of-bounds Write11 documents8 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 72.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Linux KernelDebian LinuxFedoraproject Fedora+11 more
Timeline
PublishedMar 10
Latest updateApr 6

Description

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel< 5.17+1
Debianlinux/linux_kernel< 5.10.92-2+3
CVEListV5linux/linux_kernelLinux kernel versions prior to 5.17-rc4

Also affects: Debian Linux 11.0, Enterprise Linux 8.0, 8.4, Fedora 34, 35

Patches

Patch: bugzilla.redhat.comPatch: git.kernel.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-j8f5-q8pj-2j78: A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s3902022-03-11
OSV
CVE-2022-0516: A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s3902022-03-10
CVEList
CVE-2022-0516: A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s3902022-03-08

📋Vendor Advisories

7
Ubuntu
Linux kernel vulnerabilities2022-04-06
Ubuntu
Linux kernel (Intel IOTG) vulnerabilities2022-04-01
Ubuntu
Linux kernel vulnerabilities2022-03-22
Ubuntu
Linux kernel vulnerabilities2022-03-22
Microsoft
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obta2022-03-08
CVE-2022-0516 — Sensitive Information Exposure | cvebase