{
  "threat_severity" : "Important",
  "public_date" : "2022-08-19T00:00:00Z",
  "bugzilla" : {
    "description" : "systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c",
    "id" : "2109926",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2109926"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.", "A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later." ],
  "statement" : "This flaw is rated as important because this flaw can easily compromise the confidentiality, integrity, or availability of resources but that allows local or authenticated users to gain additional privileges, allow unauthenticated remote users to view resources that should otherwise be protected by authentication or other controls, allow authenticated remote users to execute arbitrary code, or allow remote users to cause a denial of service. But this flaw does not easily exploit by a remote unauthenticated attacker.",
  "acknowledgement" : "This issue was discovered by Siddharth Sharma (Red Hat Product Security).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2022-08-24T00:00:00Z",
    "advisory" : "RHSA-2022:6160",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "systemd-0:219-78.el7_9.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-08-29T00:00:00Z",
    "advisory" : "RHSA-2022:6206",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "systemd-0:239-58.el8_6.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
    "release_date" : "2022-08-24T00:00:00Z",
    "advisory" : "RHSA-2022:6163",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.1",
    "package" : "systemd-0:239-18.el8_1.11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2022-08-24T00:00:00Z",
    "advisory" : "RHSA-2022:6162",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.2",
    "package" : "systemd-0:239-31.el8_2.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-08-24T00:00:00Z",
    "advisory" : "RHSA-2022:6161",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.4",
    "package" : "systemd-0:239-45.el8_4.12"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2022-09-19T00:00:00Z",
    "advisory" : "RHSA-2022:6551",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "redhat-virtualization-host-0:4.5.2-202209140405_8.6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "systemd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-2526\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2526" ],
  "name" : "CVE-2022-2526",
  "csaw" : false
}