CVE-2022-0516 | Severity.io

Description

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.

Related CPE's

o

linux

linux_kernel

4

o

fedoraproject

fedora

2

Vulnerable

virtualization_host

Vulnerable

o

redhat

enterprise_linux

3

o

redhat

enterprise_linux_eus

2

enterprise_linux_for_ibm_z_systems

Vulnerable

enterprise_linux_for_ibm_z_systems_eus

Vulnerable

o

redhat

enterprise_linux_for_power_little_endian

2

o

redhat

enterprise_linux_for_power_little_endian_eus

2

enterprise_linux_server_aus

Vulnerable

enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions

Vulnerable

enterprise_linux_server_tus

Vulnerable

enterprise_linux_server_update_services_for_sap_solutions

Vulnerable

codeready_linux_builder

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

References

https://bugzilla.redhat.com/show_bug.cgi?id=2050237

Issue TrackingPatchThird Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=09a93c1df3eafa43bcdfd7bf837c574911f12f55

Mailing ListPatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20220331-0009/

Third Party Advisory

https://www.debian.org/security/2022/dsa-5092

Third Party Advisory

Weaknesses

[email protected]

Primary

NVD-CWE-noinfo

[email protected]

Secondary

CWE-200

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-03-10T17:44:56.470

3 years ago

Last modified

2022-10-04T21:16:21.837

2 years ago