CVE-2022-45869Race Condition in Kernel

CWE-362Race Condition22 documents9 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Linux KernelDebian LinuxPaloalto Pan-os+6 more
Timeline
PublishedNov 30
Latest updateFeb 14

Description

A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages11 packages

NVDlinux/linux_kernel< 6.1+1
Debianlinux/linux_kernel< 6.0.12-1+2
Ubuntulinux/linux_kernel< 5.15.0-67.74
debiandebian/linux< linux 6.0.12-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

9
OSV
linux-intel-iotg vulnerabilities2023-03-16
OSV
linux-kvm vulnerabilities2023-03-09
OSV
linux-gkeop vulnerabilities2023-03-08
OSV
linux-ibm, linux-raspi vulnerabilities2023-03-07
OSV
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, lin2023-03-02

📋Vendor Advisories

12
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2023-03-16
Ubuntu
Linux kernel (KVM) vulnerabilities2023-03-14
Ubuntu
Linux kernel (KVM) vulnerabilities2023-03-09
Ubuntu
Linux kernel (GKE) vulnerabilities2023-03-08