CVE-2022-1184
published 2022-08-29CVE-2022-1184: A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 5.19.6-1 (bookworm) | linux 5.19.6-1 (bookworm) |
| github.com | apptainer_apptainer | >= 0 < 1.1.8 | 1.1.8 |
| linux | linux_kernel | < 4.9.138 | 4.9.138 |
| linux | linux_kernel | < 4.14.283 | 4.14.283 |
| linux | linux_kernel | < 4.19.247 | 4.19.247 |
| linux | linux_kernel | < 5.4.198 | 5.4.198 |
| linux | linux_kernel | < 5.10.121 | 5.10.121 |
| linux | linux_kernel | < 5.15.46 | 5.15.46 |
| linux | linux_kernel | < 5.17.14 | 5.17.14 |
| linux | linux_kernel | < 5.18.3 | 5.18.3 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.149-1 | 5.10.149-1 |
| linux | linux_kernel | >= 0 < 5.19.6-1 | 5.19.6-1 |
| linux | linux_kernel | >= 0 < 5.19.6-1 | 5.19.6-1 |
| linux | linux_kernel | >= 0 < 5.19.6-1 | 5.19.6-1 |
| linux | linux_kernel | >= 0 < 5.4.0-156.173 | 5.4.0-156.173 |
| linux | linux_kernel | >= 0 < 4.4.0-242.276 | 4.4.0-242.276 |
| linux | linux_kernel | >= 0 < 4.15.0-214.225 | 4.15.0-214.225 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
ghsa5.5MEDIUM
osv5.5MEDIUM
OSV
linux-azure-5.4 vulnerabilities
osv·2023-09-04·CVSS 5.5
CVE-2020-36691 [MEDIUM] linux-azure-5.4 vulnerabilities
linux-azure-5.4 vulnerabilities
It was discovered that the netlink implementation in the Linux kernel did
not properly validate policies when parsing attributes in some situations.
An attacker could use this to cause a denial of service (infinite
recursion). (CVE-2020-36691)
Billy Jheng Bing Jhong discovered that the CIFS network file system
implementation in the Linux kernel did not properly validate arguments to
ioctl() in some situations. A local attacker could possibly use this to
cause a denial of service (system crash). (CVE-2022-0168)
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vulnerability. An attacker could use this
to construct a malicious ext4 file system image that, when mounted, could
cause a denial of service (
OSV
linux-azure vulnerabilities
osv·2023-08-31·CVSS 5.5
CVE-2020-36691 [MEDIUM] linux-azure vulnerabilities
linux-azure vulnerabilities
It was discovered that the netlink implementation in the Linux kernel did
not properly validate policies when parsing attributes in some situations.
An attacker could use this to cause a denial of service (infinite
recursion). (CVE-2020-36691)
Billy Jheng Bing Jhong discovered that the CIFS network file system
implementation in the Linux kernel did not properly validate arguments to
ioctl() in some situations. A local attacker could possibly use this to
cause a denial of service (system crash). (CVE-2022-0168)
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vulnerability. An attacker could use this
to construct a malicious ext4 file system image that, when mounted, could
cause a denial of service (syst
OSV
linux-bluefield, linux-ibm vulnerabilities
osv·2023-08-29·CVSS 5.5
CVE-2020-36691 [MEDIUM] linux-bluefield, linux-ibm vulnerabilities
linux-bluefield, linux-ibm vulnerabilities
It was discovered that the netlink implementation in the Linux kernel did
not properly validate policies when parsing attributes in some situations.
An attacker could use this to cause a denial of service (infinite
recursion). (CVE-2020-36691)
Billy Jheng Bing Jhong discovered that the CIFS network file system
implementation in the Linux kernel did not properly validate arguments to
ioctl() in some situations. A local attacker could possibly use this to
cause a denial of service (system crash). (CVE-2022-0168)
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vulnerability. An attacker could use this
to construct a malicious ext4 file system image that, when mounted, could
cause a denial o
OSV
linux-gke, linux-ibm-5.4 vulnerabilities
osv·2023-08-28·CVSS 5.5
CVE-2020-36691 [MEDIUM] linux-gke, linux-ibm-5.4 vulnerabilities
linux-gke, linux-ibm-5.4 vulnerabilities
It was discovered that the netlink implementation in the Linux kernel did
not properly validate policies when parsing attributes in some situations.
An attacker could use this to cause a denial of service (infinite
recursion). (CVE-2020-36691)
Billy Jheng Bing Jhong discovered that the CIFS network file system
implementation in the Linux kernel did not properly validate arguments to
ioctl() in some situations. A local attacker could possibly use this to
cause a denial of service (system crash). (CVE-2022-0168)
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vulnerability. An attacker could use this
to construct a malicious ext4 file system image that, when mounted, could
cause a denial of
OSV
linux-hwe-5.4, linux-xilinx-zynqmp vulnerabilities
osv·2023-08-17·CVSS 5.5
CVE-2020-36691 [MEDIUM] linux-hwe-5.4, linux-xilinx-zynqmp vulnerabilities
linux-hwe-5.4, linux-xilinx-zynqmp vulnerabilities
It was discovered that the netlink implementation in the Linux kernel did
not properly validate policies when parsing attributes in some situations.
An attacker could use this to cause a denial of service (infinite
recursion). (CVE-2020-36691)
Billy Jheng Bing Jhong discovered that the CIFS network file system
implementation in the Linux kernel did not properly validate arguments to
ioctl() in some situations. A local attacker could possibly use this to
cause a denial of service (system crash). (CVE-2022-0168)
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vulnerability. An attacker could use this
to construct a malicious ext4 file system image that, when mounted, could
cause a
OSV
linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
osv·2023-08-11·CVSS 5.5
CVE-2020-36691 [MEDIUM] linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
It was discovered that the netlink implementation in the Linux kernel did
not properly validate policies when parsing attributes in some situations.
An attacker could use this to cause a denial of service (infinite
recursion). (CVE-2020-36691)
Billy Jheng Bing Jhong discovered that the CIFS network file system
implementation in the Linux kernel did not properly validate arguments to
ioctl() in some situations. A local attacker could possibly use this to
cause a denial of service (system crash). (CVE-2022-0168)
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vuln
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon vulnerabilities
osv·2023-07-26·CVSS 5.5
CVE-2022-1184 [MEDIUM] linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon vulnerabilities
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon vulnerabilities
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vulnerability. An attacker could use this
to construct a malicious ext4 file system image that, when mounted, could
cause a denial of service (system crash). (CVE-2022-1184)
It was discovered that the sound subsystem in the Linux kernel contained a
race condition in some situations. A local attacker could use this to cause
a denial of service (system crash). (CVE-2022-3303)
It was discovered that a race condition existed in the btrfs file system
implementation in the Linux kernel, leading to a use-after-free
v
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
osv·2023-07-12·CVSS 4.7
CVE-2021-20321 [MEDIUM] linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
It was discovered that a race condition existed in the overlay file system
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2021-20321)
It was discovered that the virtual terminal (vt) device implementation in
the Linux kernel contained a race condition in its ioctl handling that led
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information. (CVE-2021-3753)
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vulnerability. An attacker could use this
to construct a malicious ext4 file system image that, when mounted, could
cause a denial of service (sy
OSV
Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer
osv·2023-04-25·CVSS 5.5
CVE-2023-30549 [MEDIUM] Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer
Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer
### Impact
There is an ext4 use-after-free flaw described in CVE-2022-1184 that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation.
### Background
Historically there have been many CVEs published for extfs and a smaller number for squashfs, including serious use-after-free and buffer overrun vulnerabilities, that are sco
GHSA
Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer
ghsa·2023-04-25·CVSS 5.5
CVE-2023-30549 [MEDIUM] CWE-416 Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer
Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer
### Impact
There is an ext4 use-after-free flaw described in CVE-2022-1184 that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation.
### Background
Historically there have been many CVEs published for extfs and a smaller number for squashfs, including serious use-after-free and buffer overrun vulnerabilities, that are sco
GHSA
Jenkins Script Security Plugin sandbox bypass vulnerability
ghsa·2022-10-19
CVE-2022-43403 [CRITICAL] CWE-693 Jenkins Script Security Plugin sandbox bypass vulnerability
Jenkins Script Security Plugin sandbox bypass vulnerability
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. Script Security Plugin 1184.v85d16b_d851b_3 intercepts per-element casts when casting array-like values to array types.
OSV
CVE-2022-1184: A use-after-free flaw was found in fs/ext4/namei
osv·2022-08-29·CVSS 5.5
CVE-2022-1184 [MEDIUM] CVE-2022-1184: A use-after-free flaw was found in fs/ext4/namei
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
Kernel
ext4: fix check for block being out of directory size
kernel_security·2022-08-22·CVSS 5.5
CVE-2022-1184 [MEDIUM] ext4: fix check for block being out of directory size
ext4: fix check for block being out of directory size
The check in __ext4_read_dirblock() for block being outside of directory
size was wrong because it compared block number against directory size
in bytes. Fix it.
Fixes: 65f8ea4cd57d ("ext4: check if directory block is within i_size")
CVE: CVE-2022-1184
CC: [email protected]
Signed-off-by: Jan Kara
Reviewed-by: Lukas Czerner
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Theodore Ts'o
Kernel
ext4: check if directory block is within i_size
kernel_security·2022-07-04·CVSS 5.5
CVE-2022-1184 [MEDIUM] ext4: check if directory block is within i_size
ext4: check if directory block is within i_size
Currently ext4 directory handling code implicitly assumes that the
directory blocks are always within the i_size. In fact ext4_append()
will attempt to allocate next directory block based solely on i_size and
the i_size is then appropriately increased after a successful
allocation.
However, for this to work it requires i_size to be correct. If, for any
reason, the directory inode i_size is corrupted in a way that the
directory tree refers to a valid directory block past i_size, we could
end up corrupting parts of the directory tree structure by overwriting
already used directory blocks when modifying the directory.
Fix it by catching the corruption early in __ext4_read_dirblock().
Addresses Red-Hat-Bugzilla: #2070205
CVE: CVE-2022-1184
Si
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-02-14·CVSS 9.8
CVE-2017-18342 [CRITICAL] PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2017-18342, CVE-2017-8923, CVE-2017-9120, CVE-2019-1551, CVE-2019-16865, CVE-2019-16905, CVE-2019-19523, CVE-2019-19528, CVE-2019-19911, CVE-2020-0404, CVE-2020-0431, CVE-2020-0466, CVE-2020-10379, CVE-2020-11538, CVE-2020-11608, CVE-2020-12114, CVE-2020-12321, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-13757, CVE-2020-14314, CVE-2020-14351, CVE-2020-15778, CVE-2020-1967, CVE-2020-24394, CVE-2020-24504, CVE-2020-25211, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25717, CVE-2020-26541, CVE-2020-2715
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2023-09-04·CVSS 5.5
CVE-2022-27672 [MEDIUM] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the netlink implementation in the Linux kernel did
not properly validate policies when parsing attributes in some situations.
An attacker could use this to cause a denial of service (infinite
recursion). (CVE-2020-36691)
Billy Jheng Bing Jhong discovered that the CIFS network file system
implementation in the Linux kernel did not properly validate arguments to
ioctl() in some situations. A local attacker could possibly use this to
cause a denial of service (system crash). (CVE-2022-0168)
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vulnerability. An attacker could use this
to construct a maliciou
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2023-08-31·CVSS 5.5
CVE-2023-2124 [MEDIUM] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the netlink implementation in the Linux kernel did
not properly validate policies when parsing attributes in some situations.
An attacker could use this to cause a denial of service (infinite
recursion). (CVE-2020-36691)
Billy Jheng Bing Jhong discovered that the CIFS network file system
implementation in the Linux kernel did not properly validate arguments to
ioctl() in some situations. A local attacker could possibly use this to
cause a denial of service (system crash). (CVE-2022-0168)
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vulnerability. An attacker could use this
to construct a maliciou
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-08-29·CVSS 5.5
CVE-2022-0168 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the netlink implementation in the Linux kernel did
not properly validate policies when parsing attributes in some situations.
An attacker could use this to cause a denial of service (infinite
recursion). (CVE-2020-36691)
Billy Jheng Bing Jhong discovered that the CIFS network file system
implementation in the Linux kernel did not properly validate arguments to
ioctl() in some situations. A local attacker could possibly use this to
cause a denial of service (system crash). (CVE-2022-0168)
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vulnerability. An attacker could use this
to construct a malicious ext4 f
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-08-28·CVSS 5.5
CVE-2023-2124 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the netlink implementation in the Linux kernel did
not properly validate policies when parsing attributes in some situations.
An attacker could use this to cause a denial of service (infinite
recursion). (CVE-2020-36691)
Billy Jheng Bing Jhong discovered that the CIFS network file system
implementation in the Linux kernel did not properly validate arguments to
ioctl() in some situations. A local attacker could possibly use this to
cause a denial of service (system crash). (CVE-2022-0168)
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vulnerability. An attacker could use this
to construct a malicious ext4 f
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-08-17·CVSS 5.5
CVE-2023-1990 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the netlink implementation in the Linux kernel did
not properly validate policies when parsing attributes in some situations.
An attacker could use this to cause a denial of service (infinite
recursion). (CVE-2020-36691)
Billy Jheng Bing Jhong discovered that the CIFS network file system
implementation in the Linux kernel did not properly validate arguments to
ioctl() in some situations. A local attacker could possibly use this to
cause a denial of service (system crash). (CVE-2022-0168)
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vulnerability. An attacker could use this
to construct a malicious ext4 f
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-07-26·CVSS 5.5
CVE-2023-3390 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vulnerability. An attacker could use this
to construct a malicious ext4 file system image that, when mounted, could
cause a denial of service (system crash). (CVE-2022-1184)
It was discovered that the sound subsystem in the Linux kernel contained a
race condition in some situations. A local attacker could use this to cause
a denial of service (system crash). (CVE-2022-3303)
It was discovered that a race condition existed in the btrfs file system
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-07-12·CVSS 4.7
CVE-2022-29901 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a race condition existed in the overlay file system
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2021-20321)
It was discovered that the virtual terminal (vt) device implementation in
the Linux kernel contained a race condition in its ioctl handling that led
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information. (CVE-2021-3753)
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vulnerability. An attacker could use this
to construct a malicious ext4 file system image that, when moun
CISA ICS
Siemens SIMATIC S7-1500 TM MFP Linux Kernel
cisa_ics·2023-06-15·CVSS 5.5
[MEDIUM] Siemens SIMATIC S7-1500 TM MFP Linux Kernel
ICS Advisory
##
Siemens SIMATIC S7-1500 TM MFP Linux Kernel
Release DateJune 15, 2023
Alert CodeICSA-23-166-11
## As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely / low attack complexity / public exploits available
- Vendor: Siemens ProductCERT
- Equipment: SIMATIC S7-1500 TM MFP
- Vulnerabilities: Multiple vulnerabilities
## 2. RISK EVALUATION
Exploitation of these vulnerabilities could lead to denial-of-service, crashing t
Red Hat
kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image
vendor_redhat·2022-04-18·CVSS 5.5
CVE-2022-1184 [MEDIUM] CWE-416 kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image
kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Debian
CVE-2022-1184: linux - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linu...
vendor_debian·2022·CVSS 5.5
CVE-2022-1184 [MEDIUM] CVE-2022-1184: linux - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linu...
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
Scope: local
bookworm: resolved (fixed in 5.19.6-1)
bullseye: resolved (fixed in 5.10.149-1)
forky: resolved (fixed in 5.19.6-1)
sid: resolved (fixed in 5.19.6-1)
trixie: resolved (fixed in 5.19.6-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://access.redhat.com/security/cve/CVE-2022-1184https://bugzilla.redhat.com/show_bug.cgi?id=2070205https://lists.debian.org/debian-lts-announce/2022/11/msg00001.htmlhttps://ubuntu.com/security/CVE-2022-1184https://www.debian.org/security/2022/dsa-5257https://access.redhat.com/security/cve/CVE-2022-1184https://bugzilla.redhat.com/show_bug.cgi?id=2070205https://lists.debian.org/debian-lts-announce/2022/11/msg00001.htmlhttps://ubuntu.com/security/CVE-2022-1184https://www.debian.org/security/2022/dsa-5257
2022-08-29
Published