{ "threat_severity" : "Moderate", "public_date" : "2024-05-03T00:00:00Z", "bugzilla" : { "description" : "kernel: nvme-tcp: fix UAF when detecting digest errors", "id" : "2278931", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2278931" }, "cvss3" : { "cvss3_base_score" : "5.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnvme-tcp: fix UAF when detecting digest errors\nWe should also bail from the io_work loop when we set rd_enabled to true,\nso we don't attempt to read data from the socket when the TCP stream is\nalready out-of-sync or corrupted.", "A use-after-free vulnerability was found in the Linux kernel in drivers/nvme/host/tcp.c in nvme_tcp_io_work. This issue can occur when a local user continues to read data after the connection finishes. This flaw allows a malicious user to cause a use-after-free problem." ], "statement" : "This vulnerability is only for systems where NVME over TCP being used.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2024-09-24T00:00:00Z", "advisory" : "RHSA-2024:6998", "cpe" : "cpe:/o:redhat:rhel_aus:8.6", "package" : "kernel-0:4.18.0-372.124.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2024-09-24T00:00:00Z", "advisory" : "RHSA-2024:6998", "cpe" : "cpe:/o:redhat:rhel_tus:8.6", "package" : "kernel-0:4.18.0-372.124.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2024-09-24T00:00:00Z", "advisory" : "RHSA-2024:6998", "cpe" : "cpe:/o:redhat:rhel_e4s:8.6", "package" : "kernel-0:4.18.0-372.124.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date" : "2024-11-26T00:00:00Z", "advisory" : "RHSA-2024:10262", "cpe" : "cpe:/o:redhat:rhel_eus:8.8", "package" : "kernel-0:4.18.0-477.81.1.el8_8" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-48686\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48686\nhttps://lore.kernel.org/linux-cve-announce/2024050342-CVE-2022-48686-5e8e@gregkh/T" ], "name" : "CVE-2022-48686", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }