CVE-2022-1184

Published: Aug 29, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.

Affected (22)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux · Debian: Debian Linux · +1 more

Show all products

Linux: Linux Kernel · Redhat: Enterprise Linux · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

1 product

Enterprise Linux

1 product

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	After 2.6.12 to 4.9.138
Linux Linux Kernel	After 4.14 to 4.14.283
Linux Linux Kernel	After 4.19 to 4.19.247
Linux Linux Kernel	After 5.10 to 5.10.121
Linux Linux Kernel	After 5.15 to 5.15.46
Linux Linux Kernel	After 5.17 to 5.17.14
Linux Linux Kernel	After 5.18 to 5.18.3
Linux Linux Kernel	After 5.4 to 5.4.198
Linux Linux Kernel	Version 2.6.12
Linux Linux Kernel	Version 2.6.12 rc2
Linux Linux Kernel	Version 2.6.12 rc3
Linux Linux Kernel	Version 2.6.12 rc4
Linux Linux Kernel	Version 2.6.12 rc5
Linux Linux Kernel	Version 2.6.12 rc6

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 9.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 20.04

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (10)

https://access.redhat.com/security/cve/CVE-2022-1184

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2070205

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://ubuntu.com/security/CVE-2022-1184

Source: secalert@redhat.com

PatchThird Party Advisory

https://www.debian.org/security/2022/dsa-5257

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2022-1184

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2070205

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://ubuntu.com/security/CVE-2022-1184

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.debian.org/security/2022/dsa-5257

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.