CVE-2022-1651

Published: Jul 26, 2022Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service.

Affected (3)

Products: Linux: Linux Kernel

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.12 to 5.15.33
Linux Linux Kernel	From 5.16 to 5.16.19
Linux Linux Kernel	From 5.17 to 5.17.2

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (4)

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecd1735f14d6ac868ae5d8b7a2bf193fa11f388b

Source: secalert@redhat.com

Mailing ListPatchVendor Advisory

https://security.netapp.com/advisory/ntap-20220901-0008/

Source: secalert@redhat.com

Third Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecd1735f14d6ac868ae5d8b7a2bf193fa11f388b

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

https://security.netapp.com/advisory/ntap-20220901-0008/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.