← Back

CVE-2022-28796

nvd nist
Published: Apr 8, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.0
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 / Impact: 5.9
Source: NVD

Description

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

Affected (16)

Show all products
Linux: Linux Kernel · Redhat: Enterprise Linux · Fedoraproject: Fedora · Netapp: Active Iq Unified Manager, Solidfire, Enterprise Sds & Hci Storage Node, Solidfire & Hci Management Node, Hci Compute Node Firmware, H300s Firmware, H500s Firmware, H700s Firmware, H300e Firmware, H500e Firmware, H700e Firmware, H410s Firmware, H410c Firmware
Linux
1 product
Linux Kernel
Redhat
1 product
Enterprise Linux
Fedoraproject
1 product
Fedora
Netapp
12 products
Active Iq Unified Manager
Solidfire, Enterprise Sds & Hci Storage Node
Solidfire & Hci Management Node
Hci Compute Node Firmware
H300s Firmware
H500s Firmware
H700s Firmware
H300e Firmware
H500e Firmware
H700e Firmware
H410s Firmware
H410c Firmware
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Linux Kernel
From 5.17 to 5.17.1
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux
Version 6.0
Enterprise Linux
Version 7.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 35
Configuration D
3 vulnerable
Vulnerable SoftwareAffected Versions
Active Iq Unified Manager
All versions
Solidfire, Enterprise Sds & Hci Storage Node
All versions
Solidfire & Hci Management Node
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hci Compute Node Firmware
All versions
Running on/withPlatform Versions
Netapp
Hci Compute Node
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H300s Firmware
All versions
Running on/withPlatform Versions
Netapp
H300s
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H500s Firmware
All versions
Running on/withPlatform Versions
Netapp
H500s
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H700s Firmware
All versions
Running on/withPlatform Versions
Netapp
H700s
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H300e Firmware
All versions
Running on/withPlatform Versions
Netapp
H300e
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H500e Firmware
All versions
Running on/withPlatform Versions
Netapp
H500e
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H700e Firmware
All versions
Running on/withPlatform Versions
Netapp
H700e
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H410s Firmware
All versions
Running on/withPlatform Versions
Netapp
H410s
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H410c Firmware
All versions
Running on/withPlatform Versions
Netapp
H410c
All versions

Related CWEs

CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (6)

Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.