CVE-2022-1678

CWE-9116 documents6 sources

Severity

7.5HIGH

EPSS

1.5%

top 18.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Netapp E-series Santricity OS Controller

Timeline

PublishedMay 25

Latest updateMay 26

Description

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel4.18 — 4.19

▶CVEListV5kernel4.18 — unspecified+1

▶Debianlinux< 5.2.6-1+3

▶NVDnetapp/e-series_santricity_os_controller11.0 — 11.70.2

Patches

Patch: bugzilla.openanolis.cn ↗Patch: github.com ↗Patch: bugzilla.openanolis.cn ↗

🔴Vulnerability Details

GHSA

GHSA-x4fc-h5x4-26gr: An issue was discovered in the Linux Kernel from 4↗2022-05-26

▶

CVEList

CVE-2022-1678: An issue was discovered in the Linux Kernel from 4↗2022-05-25

▶

OSV

CVE-2022-1678: An issue was discovered in the Linux Kernel from 4↗2022-05-25

▶

📋Vendor Advisories

Red Hat

kernel: improper update of sock reference in TCP pacing can lead to memory leak↗2022-05-20

▶

Debian

CVE-2022-1678: linux - An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper updat...↗2022

▶