{ "threat_severity" : "Important", "public_date" : "2022-12-15T06:30:00Z", "bugzilla" : { "description" : "kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack", "id" : "2152807", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2152807" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-416", "details" : [ "A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial", "A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial of service." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-02-28T00:00:00Z", "advisory" : "RHSA-2023:0951", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-162.18.1.el9_1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-02-28T00:00:00Z", "advisory" : "RHSA-2023:0979", "cpe" : "cpe:/a:redhat:enterprise_linux:9::nfv", "package" : "kernel-rt-0:5.14.0-162.18.1.rt21.181.el9_1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-02-28T00:00:00Z", "advisory" : "RHSA-2023:0951", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-162.18.1.el9_1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-02-28T00:00:00Z", "advisory" : "RHSA-2023:1008", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date" : "2023-03-14T00:00:00Z", "advisory" : "RHSA-2023:1202", "cpe" : "cpe:/a:redhat:rhel_eus:9.0", "package" : "kernel-0:5.14.0-70.49.1.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date" : "2023-03-14T00:00:00Z", "advisory" : "RHSA-2023:1203", "cpe" : "cpe:/a:redhat:rhel_eus:9.0::nfv", "package" : "kernel-rt-0:5.14.0-70.49.1.rt21.120.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date" : "2023-03-23T00:00:00Z", "advisory" : "RHSA-2023:1435", "cpe" : "cpe:/o:redhat:rhel_eus:9.0", "package" : "kpatch-patch" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-4379\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4379\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da\nhttps://seclists.org/oss-sec/2022/q4/185" ], "name" : "CVE-2022-4379", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }