CVE-2022-39189Context Switching Race Condition in Kernel

CWE-368Context Switching Race Condition12 documents9 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 94.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelNetapp HCI Baseboard Management Controller
Timeline
PublishedSep 2
Latest updateFeb 1

Description

An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDlinux/linux_kernel4.165.4.244+3
Debianlinux/linux_kernel< 5.10.191-1+3

Patches

Patch: bugs.chromium.orgPatch: cdn.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

4
OSV
CVE-2022-39189: In multiple functions of many files, there is a possible out of bounds write due to a race condition2023-02-01
GHSA
GHSA-f93p-vc52-m3wg: An issue was discovered the x86 KVM subsystem in the Linux kernel before 52022-09-03
CVEList
CVE-2022-39189: An issue was discovered the x86 KVM subsystem in the Linux kernel before 52022-09-02
OSV
CVE-2022-39189: An issue was discovered the x86 KVM subsystem in the Linux kernel before 52022-09-02

📋Vendor Advisories

7
Android
CVE-2022-39189: KVM2023-02-01
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2022-10-26
Ubuntu
Linux kernel (IBM) vulnerabilities2022-10-14
Ubuntu
Linux kernel vulnerabilities2022-10-10
Microsoft
An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VC2022-09-13
CVE-2022-39189 — Context Switching Race Condition | cvebase