{
  "threat_severity" : "Moderate",
  "public_date" : "2022-02-16T17:00:00Z",
  "bugzilla" : {
    "description" : "kernel: information leak in scsi_ioctl()",
    "id" : "2039448",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2039448"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-908",
  "details" : [ "A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker who holds the CAP_SYS_ADMIN or CAP_SYS_RAWIO capability to obtain leaked kernel information, compromising confidentiality.", "A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker who holds the CAP_SYS_ADMIN or CAP_SYS_RAWIO capability to obtain leaked kernel information, compromising confidentiality." ],
  "acknowledgement" : "Red Hat would like to thank Elijahbai (Tencent Security Yunding Lab) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-10-25T00:00:00Z",
    "advisory" : "RHSA-2022:7134",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-372.32.1.rt7.189.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-10-25T00:00:00Z",
    "advisory" : "RHSA-2022:7110",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-372.32.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-08-30T00:00:00Z",
    "advisory" : "RHSA-2022:6248",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.4::nfv",
    "package" : "kernel-rt-0:4.18.0-305.62.1.rt7.134.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-08-31T00:00:00Z",
    "advisory" : "RHSA-2022:6243",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.4",
    "package" : "kernel-0:4.18.0-305.62.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-08-09T00:00:00Z",
    "advisory" : "RHSA-2022:6003",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-70.22.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-08-09T00:00:00Z",
    "advisory" : "RHSA-2022:6002",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9::nfv",
    "package" : "kernel-rt-0:5.14.0-70.22.1.rt21.94.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-08-09T00:00:00Z",
    "advisory" : "RHSA-2022:6003",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-70.22.1.el9_0"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2022-10-25T00:00:00Z",
    "advisory" : "RHSA-2022:7110",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "kernel-0:4.18.0-372.32.1.el8_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-0494\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0494\nhttps://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel@gmail.com/" ],
  "name" : "CVE-2022-0494",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}