CVE-2022-29968

Description

An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.

Related CPE's

alinuxlinux_kernel********

ofedoraprojectfedora34*******

ofedoraprojectfedora35*******

ofedoraprojectfedora36*******

onetapph300s_firmware-*******

hnetapph300s-*******

onetapph500s_firmware-*******

hnetapph500s-*******

onetapph700s_firmware-*******

hnetapph700s-*******

References

https://github.com/torvalds/linux/commit/32452a3eb8b64e01e2be717f518c0be046975b9d

PatchThird Party Advisory

FEDORA-2022-e9378a3573

Mailing ListThird Party Advisory

FEDORA-2022-a0f65397a3

Mailing ListThird Party Advisory

FEDORA-2022-fd85148be2

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20220715-0009/

Third Party Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AttackVector

LOCAL

AttackComplexity

LOW

PrivilegesRequired

LOW

UserInteraction

NONE

Scope

UNCHANGED

ConfidentialityImpact

HIGH

IntegrityImpact

HIGH

AvailabilityImpact

HIGH

BaseScore

7.8

BaseSeverity

HIGH

CvssV2 impact

Version

2.0

VectorString

AV:L/AC:L/Au:N/C:P/I:P/A:P

AccessVector

LOCAL

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

4.599999904632568

Created by Yello
About Severity.io