{
  "threat_severity" : "Moderate",
  "public_date" : "2022-01-10T14:00:00Z",
  "bugzilla" : {
    "description" : "kernel: use-after-free when psi trigger is destroyed while being polled",
    "id" : "2120175",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2120175"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.", "A flaw was found in the Linux kernel’s implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects." ],
  "statement" : "The Pressure Stall Subsystem (PSI) is disabled by default on Red Hat kernels, if the feature has not been explicitly enabled using a kernel boot time parameter of 'psi=1', the system is not affected.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-11-08T00:00:00Z",
    "advisory" : "RHSA-2022:7444",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-425.3.1.rt7.213.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-11-08T00:00:00Z",
    "advisory" : "RHSA-2022:7683",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-425.3.1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2024-03-06T00:00:00Z",
    "advisory" : "RHSA-2024:1188",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.6",
    "package" : "kernel-0:4.18.0-372.95.1.el8_6"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2024-03-06T00:00:00Z",
    "advisory" : "RHSA-2024:1188",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "kernel-0:4.18.0-372.95.1.el8_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-2938\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2938" ],
  "name" : "CVE-2022-2938",
  "csaw" : false
}