{ "threat_severity" : "Moderate", "public_date" : "2022-10-09T00:00:00Z", "bugzilla" : { "description" : "kernel: use-after-free related to leaf anon_vma double reuse", "id" : "2133483", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2133483" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-416", "details" : [ "mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.", "A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the is_mergeable_anon_vma() function continuously forks, using memory operations to trigger an incorrect reuse of leaf anon_vma. This issue allows a local attacker to crash the system." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2023-03-07T00:00:00Z", "advisory" : "RHSA-2023:1092", "cpe" : "cpe:/a:redhat:rhel_extras_rt:7", "package" : "kernel-rt-0:3.10.0-1160.88.1.rt56.1233.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2023-03-07T00:00:00Z", "advisory" : "RHSA-2023:1091", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-0:3.10.0-1160.88.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-05-16T00:00:00Z", "advisory" : "RHSA-2023:2736", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-477.10.1.rt7.274.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-05-16T00:00:00Z", "advisory" : "RHSA-2023:2951", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-477.10.1.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date" : "2023-05-31T00:00:00Z", "advisory" : "RHSA-2023:3388", "cpe" : "cpe:/o:redhat:rhel_eus:8.6", "package" : "kernel-0:4.18.0-372.57.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-05-09T00:00:00Z", "advisory" : "RHSA-2023:2458", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-284.11.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-05-09T00:00:00Z", "advisory" : "RHSA-2023:2148", "cpe" : "cpe:/a:redhat:enterprise_linux:9::nfv", "package" : "kernel-rt-0:5.14.0-284.11.1.rt14.296.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-05-09T00:00:00Z", "advisory" : "RHSA-2023:2458", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-284.11.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date" : "2023-07-18T00:00:00Z", "advisory" : "RHSA-2023:4137", "cpe" : "cpe:/a:redhat:rhel_eus:9.0", "package" : "kernel-0:5.14.0-70.64.1.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date" : "2023-07-18T00:00:00Z", "advisory" : "RHSA-2023:4138", "cpe" : "cpe:/a:redhat:rhel_eus:9.0::nfv", "package" : "kernel-rt-0:5.14.0-70.64.1.rt21.135.el9_0" }, { "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date" : "2023-05-31T00:00:00Z", "advisory" : "RHSA-2023:3388", "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package" : "kernel-0:4.18.0-372.57.1.el8_6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-42703\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42703\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2555283eb40df89945557273121e9393ef9b542b" ], "name" : "CVE-2022-42703", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "lang" : "en:us" }, "csaw" : false }