var-202203-0043
Vulnerability from variot
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. Linux Kernel Has an initialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Summary:
The Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/
Security updates:
-
nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
-
nodejs-shelljs: improper privilege management (CVE-2022-0144)
-
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
Bug fix:
-
RHACM 2.3.8 images (Bugzilla #2062316)
-
Bugs fixed (https://bugzilla.redhat.com/):
2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images
-
8.1) - aarch64, noarch, ppc64le, s390x, x86_64
-
Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2022:0819-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0819 Issue date: 2022-03-10 CVE Names: CVE-2021-0920 CVE-2021-4154 CVE-2022-0330 CVE-2022-0435 CVE-2022-0492 CVE-2022-0847 CVE-2022-22942 =====================================================================
- Summary:
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64 Red Hat Enterprise Linux for Real Time (v. 8) - x86_64
- Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
-
kernel: improper initialization of the "flags" member of the new pipe_buffer (CVE-2022-0847)
-
kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
-
kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout (CVE-2021-4154)
-
kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)
-
kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS (CVE-2022-0435)
-
kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)
-
kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
kernel symbol '__rt_mutex_init' is exported GPL-only in kernel 4.18.0-348.2.1.rt7.132.el8_5 (BZ#2038423)
-
kernel-rt: update RT source tree to the RHEL-8.5.z3 source tree (BZ#2045589)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation 2034514 - CVE-2021-4154 kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout 2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush 2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation 2048738 - CVE-2022-0435 kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS 2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation 2060795 - CVE-2022-0847 kernel: improper initialization of the "flags" member of the new pipe_buffer
- Package List:
Red Hat Enterprise Linux Real Time for NFV (v. 8):
Source: kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.src.rpm
x86_64: kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debug-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debug-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debug-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debug-kvm-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debug-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-kvm-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm
Red Hat Enterprise Linux for Real Time (v. 8):
Source: kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.src.rpm
x86_64: kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debug-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debug-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debug-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debug-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm kernel-rt-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-0920 https://access.redhat.com/security/cve/CVE-2021-4154 https://access.redhat.com/security/cve/CVE-2022-0330 https://access.redhat.com/security/cve/CVE-2022-0435 https://access.redhat.com/security/cve/CVE-2022-0492 https://access.redhat.com/security/cve/CVE-2022-0847 https://access.redhat.com/security/cve/CVE-2022-22942 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2022-002
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYippFNzjgjWX9erEAQhDwRAAjsGfW6qXFI81H8xov/wQnw/PdsUOhzDl ISzJEeXALEQCloLH+UDcgo/wV1es00USfBo1H/SpDc5ahjBWP2pbo8QtIRKT6h/k ord4KsAMGjqWRI+zaGbaFoL0q4okMG9H6r731TnhX06CaLXLui8iUJrQLziHo02t /AihF9dW30/w4tXyKeMc73D1lKHImQQFfJo5xpIo8Mm7+6GFrkne8Z46SKXjjyfG IODAcU3wA0C93bbtR4EHEbenVyVVaE5Phn40vxxF00+AQTHoc5nYpOJbDLI3bi1F GbEKQ5pf0jkScwlfEHtHkmjPk92PA/wV41BhPoJw8oKshH4RRxml4Ps0KldI4NrQ ypmDLZ3CfJ+saFbNLN5BARCiqJavF5A4yszHZ5QuopmC1RJx6/rAuE79KkeB0JvW IOaXPzzc05dCqdyVBvNAu+XpVlTbe+XGBR0LalYYjYWxQSrEYAYQ005mcvEWOPRm QfPSM7eOaAzo9RGrMirTm0Gz9BJ0TbvNGiMmMTpLdb6akx1BQcQ5bpAjUCQN0O7j KIFri0FxflweqZswTchfdbW74VuUyTVaeFYKGhp5hFPV6lFkDUFEFC71ANvPaewE X1Z5Ae0gFMD8w5m5eePHqYuEaL6NHtYctHlBh0ef6mrvsKq9lmxJpdXrZUO+eP4w nEhPbkKSmMY= =CLN6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0043", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "codeready linux builder", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "kernel", "scope": "gte", "trust": 1.0, "vendor": "linux", "version": "5.8" }, { "model": "enterprise linux server for power little endian update services for sap solutions", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.1" }, { "model": "h700s", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.2" }, { "model": "enterprise linux for real time for nfv", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8" }, { "model": "enterprise linux for real time for nfv tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.2" }, { "model": "kernel", "scope": "lt", "trust": 1.0, "vendor": "linux", "version": "5.16.11" }, { "model": "ovirt-engine", "scope": "eq", "trust": 1.0, "vendor": "ovirt", "version": "4.4.10.2" }, { "model": "h500s", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux for ibm z systems eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "enterprise linux server update services for sap solutions", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.1" }, { "model": "enterprise linux for ibm z systems", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "sma1000", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "12.4.2-02044" }, { "model": "enterprise linux for power little endian eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "enterprise linux server for power little endian update services for sap solutions", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.2" }, { "model": "scalance lpe9403", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "enterprise linux for real time tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "enterprise linux server update services for sap solutions", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.2" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "enterprise linux for power little endian", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "h700e", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "h410c", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "kernel", "scope": "gte", "trust": 1.0, "vendor": "linux", "version": "5.15" }, { "model": "enterprise linux for real time", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8" }, { "model": "h500e", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux for ibm z systems eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.2" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "h300e", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "kernel", "scope": "lt", "trust": 1.0, "vendor": "linux", "version": "5.15.25" }, { "model": "enterprise linux for real time for nfv tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "enterprise linux for real time tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.2" }, { "model": "enterprise linux for power little endian eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.2" }, { "model": "enterprise linux server for power little endian update services for sap solutions", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.2" }, { "model": "h410s", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "kernel", "scope": "gte", "trust": 1.0, "vendor": "linux", "version": "5.16" }, { "model": "kernel", "scope": "lt", "trust": 1.0, "vendor": "linux", "version": "5.10.102" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "virtualization host", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4.0" }, { "model": "enterprise linux server update services for sap solutions", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "h300s", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "sma1000", "scope": null, "trust": 0.8, "vendor": "sonicwall", "version": null }, { "model": "red hat enterprise linux eus", "scope": null, "trust": 0.8, "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8", "version": null }, { "model": "h300s", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "ovirt-engine", "scope": null, "trust": 0.8, "vendor": "ovirt", "version": null }, { "model": "red hat enterprise linux for ibm z systems - extended update support", "scope": null, "trust": 0.8, "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8", "version": null }, { "model": "red hat enterprise linux for ibm z systems", "scope": null, "trust": 0.8, "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8", "version": null }, { "model": "kernel", "scope": null, "trust": 0.8, "vendor": "linux", "version": null }, { "model": "red hat enterprise linux", "scope": null, "trust": 0.8, "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8", "version": null }, { "model": "scalance lpe9403", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-007117" }, { "db": "NVD", "id": "CVE-2022-0847" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.16.11", "versionStartIncluding": "5.16", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.15.25", "versionStartIncluding": "5.15", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.10.102", "versionStartIncluding": "5.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ovirt:ovirt-engine:4.4.10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:sonicwall:sma1000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.4.2-02044", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:sonicwall:sma1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-0847" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "166789" }, { "db": "PACKETSTORM", "id": "166516" }, { "db": "PACKETSTORM", "id": "166280" }, { "db": "PACKETSTORM", "id": "166282" }, { "db": "PACKETSTORM", "id": "166281" }, { "db": "PACKETSTORM", "id": "166265" }, { "db": "PACKETSTORM", "id": "166264" } ], "trust": 0.7 }, "cve": "CVE-2022-0847", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.2, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2022-0847", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-0847", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-0847", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202203-522", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2022-0847", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-0847" }, { "db": "JVNDB", "id": "JVNDB-2022-007117" }, { "db": "CNNVD", "id": "CNNVD-202203-522" }, { "db": "NVD", "id": "CVE-2022-0847" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. Linux Kernel Has an initialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.8 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\nBug fix:\n\n* RHACM 2.3.8 images (Bugzilla #2062316)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2062316 - RHACM 2.3.8 images\n\n5. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: kernel-rt security and bug fix update\nAdvisory ID: RHSA-2022:0819-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0819\nIssue date: 2022-03-10\nCVE Names: CVE-2021-0920 CVE-2021-4154 CVE-2022-0330 \n CVE-2022-0435 CVE-2022-0492 CVE-2022-0847 \n CVE-2022-22942 \n=====================================================================\n\n1. Summary:\n\nAn update for kernel-rt is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64\nRed Hat Enterprise Linux for Real Time (v. 8) - x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nSecurity Fix(es):\n\n* kernel: improper initialization of the \"flags\" member of the new\npipe_buffer (CVE-2022-0847)\n\n* kernel: Use After Free in unix_gc() which could result in a local\nprivilege escalation (CVE-2021-0920)\n\n* kernel: local privilege escalation by exploiting the fsconfig syscall\nparameter leads to container breakout (CVE-2021-4154)\n\n* kernel: possible privileges escalation due to missing TLB flush\n(CVE-2022-0330)\n\n* kernel: remote stack overflow via kernel panic on systems using TIPC may\nlead to DoS (CVE-2022-0435)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation\n(CVE-2022-0492)\n\n* kernel: failing usercopy allows for use-after-free exploitation\n(CVE-2022-22942)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* kernel symbol \u0027__rt_mutex_init\u0027 is exported GPL-only in kernel\n4.18.0-348.2.1.rt7.132.el8_5 (BZ#2038423)\n\n* kernel-rt: update RT source tree to the RHEL-8.5.z3 source tree\n(BZ#2045589)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation\n2034514 - CVE-2021-4154 kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout\n2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush\n2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation\n2048738 - CVE-2022-0435 kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS\n2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation\n2060795 - CVE-2022-0847 kernel: improper initialization of the \"flags\" member of the new pipe_buffer\n\n6. Package List:\n\nRed Hat Enterprise Linux Real Time for NFV (v. 8):\n\nSource:\nkernel-rt-4.18.0-348.20.1.rt7.150.el8_5.src.rpm\n\nx86_64:\nkernel-rt-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debug-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debug-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debug-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debug-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debug-kvm-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debug-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debug-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debuginfo-common-x86_64-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-kvm-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\n\nRed Hat Enterprise Linux for Real Time (v. 8):\n\nSource:\nkernel-rt-4.18.0-348.20.1.rt7.150.el8_5.src.rpm\n\nx86_64:\nkernel-rt-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debug-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debug-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debug-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debug-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debug-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debug-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-debuginfo-common-x86_64-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\nkernel-rt-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-0920\nhttps://access.redhat.com/security/cve/CVE-2021-4154\nhttps://access.redhat.com/security/cve/CVE-2022-0330\nhttps://access.redhat.com/security/cve/CVE-2022-0435\nhttps://access.redhat.com/security/cve/CVE-2022-0492\nhttps://access.redhat.com/security/cve/CVE-2022-0847\nhttps://access.redhat.com/security/cve/CVE-2022-22942\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2022-002\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYippFNzjgjWX9erEAQhDwRAAjsGfW6qXFI81H8xov/wQnw/PdsUOhzDl\nISzJEeXALEQCloLH+UDcgo/wV1es00USfBo1H/SpDc5ahjBWP2pbo8QtIRKT6h/k\nord4KsAMGjqWRI+zaGbaFoL0q4okMG9H6r731TnhX06CaLXLui8iUJrQLziHo02t\n/AihF9dW30/w4tXyKeMc73D1lKHImQQFfJo5xpIo8Mm7+6GFrkne8Z46SKXjjyfG\nIODAcU3wA0C93bbtR4EHEbenVyVVaE5Phn40vxxF00+AQTHoc5nYpOJbDLI3bi1F\nGbEKQ5pf0jkScwlfEHtHkmjPk92PA/wV41BhPoJw8oKshH4RRxml4Ps0KldI4NrQ\nypmDLZ3CfJ+saFbNLN5BARCiqJavF5A4yszHZ5QuopmC1RJx6/rAuE79KkeB0JvW\nIOaXPzzc05dCqdyVBvNAu+XpVlTbe+XGBR0LalYYjYWxQSrEYAYQ005mcvEWOPRm\nQfPSM7eOaAzo9RGrMirTm0Gz9BJ0TbvNGiMmMTpLdb6akx1BQcQ5bpAjUCQN0O7j\nKIFri0FxflweqZswTchfdbW74VuUyTVaeFYKGhp5hFPV6lFkDUFEFC71ANvPaewE\nX1Z5Ae0gFMD8w5m5eePHqYuEaL6NHtYctHlBh0ef6mrvsKq9lmxJpdXrZUO+eP4w\nnEhPbkKSmMY=\n=CLN6\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2022-0847" }, { "db": "JVNDB", "id": "JVNDB-2022-007117" }, { "db": "VULMON", "id": "CVE-2022-0847" }, { "db": "PACKETSTORM", "id": "166789" }, { "db": "PACKETSTORM", "id": "166516" }, { "db": "PACKETSTORM", "id": "166280" }, { "db": "PACKETSTORM", "id": "166282" }, { "db": "PACKETSTORM", "id": "166281" }, { "db": "PACKETSTORM", "id": "166265" }, { "db": "PACKETSTORM", "id": "166264" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-0847", "trust": 4.0 }, { "db": "PACKETSTORM", "id": "166230", "trust": 2.4 }, { "db": "PACKETSTORM", "id": "166258", "trust": 2.4 }, { "db": "PACKETSTORM", "id": "166229", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-222547", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-22-167-09", "trust": 1.4 }, { "db": "PACKETSTORM", "id": "176534", "trust": 1.0 }, { "db": "JVN", "id": "JVNVU99030761", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-007117", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "166516", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "166280", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "166305", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "166812", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "166241", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "166569", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022032843", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031421", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022030808", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042576", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031308", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031036", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1027", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0965", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.2981", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1677", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1405", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1064", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0944", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2022030042", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2022030060", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "50808", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202203-522", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-0847", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166789", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166282", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166281", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166265", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166264", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-0847" }, { "db": "JVNDB", "id": "JVNDB-2022-007117" }, { "db": "PACKETSTORM", "id": "166789" }, { "db": "PACKETSTORM", "id": "166516" }, { "db": "PACKETSTORM", "id": "166280" }, { "db": "PACKETSTORM", "id": "166282" }, { "db": "PACKETSTORM", "id": "166281" }, { "db": "PACKETSTORM", "id": "166265" }, { "db": "PACKETSTORM", "id": "166264" }, { "db": "CNNVD", "id": "CNNVD-202203-522" }, { "db": "NVD", "id": "CVE-2022-0847" } ] }, "id": "VAR-202203-0043", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21111111 }, "last_update_date": "2024-07-23T21:45:03.589000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Bug\u00a02060795", "trust": 0.8, "url": "https://fedoraproject.org/" }, { "title": "Linux kernel Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=184957" }, { "title": "Red Hat: Important: kernel-rt security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220822 - security advisory" }, { "title": "Red Hat: Important: kernel security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220831 - security advisory" }, { "title": "Red Hat: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-0847" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2022-0847" }, { "title": "Dirty-Pipe-Oneshot", "trust": 0.1, "url": "https://github.com/badboy-sft/dirty-pipe-oneshot " } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-0847" }, { "db": "JVNDB", "id": "JVNDB-2022-007117" }, { "db": "CNNVD", "id": "CNNVD-202203-522" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-665", "trust": 1.0 }, { "problemtype": "Improper initialization (CWE-665) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-007117" }, { "db": "NVD", "id": "CVE-2022-0847" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "http://packetstormsecurity.com/files/166229/dirty-pipe-linux-privilege-escalation.html" }, { "trust": 3.0, "url": "http://packetstormsecurity.com/files/166258/dirty-pipe-local-privilege-escalation.html" }, { "trust": 2.4, "url": "http://packetstormsecurity.com/files/166230/dirty-pipe-suid-binary-hijack-privilege-escalation.html" }, { "trust": 1.6, "url": "https://dirtypipe.cm4all.com/" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf" }, { "trust": 1.6, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0015" }, { "trust": 1.6, "url": "https://www.suse.com/support/kb/doc/?id=000020603" }, { "trust": 1.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060795" }, { "trust": 1.6, "url": "https://security.netapp.com/advisory/ntap-20220325-0005/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847" }, { "trust": 1.3, "url": "https://access.redhat.com/security/cve/cve-2022-0847" }, { "trust": 1.0, "url": "http://packetstormsecurity.com/files/176534/linux-4.20-ktls-read-only-write.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu99030761/index.html" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-167-09" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2022030060" }, { "trust": 0.6, "url": "https://www.exploit-db.com/exploits/50808" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2022030042" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166305/red-hat-security-advisory-2022-0841-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031308" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166516/red-hat-security-advisory-2022-1083-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022032843" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166241/ubuntu-security-notice-usn-5317-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1405" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031036" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166280/red-hat-security-advisory-2022-0822-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1027" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022030808" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1064" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-09" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042576" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166569/ubuntu-security-notice-usn-5362-1.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-0847/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166812/red-hat-security-advisory-2022-1476-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/linux-kernel-file-write-via-dirty-pipe-37724" }, { "trust": 0.6, "url": "https://source.android.com/security/bulletin/2022-05-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0944" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.2981" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0965" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031421" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1677" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2022-0492" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2022-22942" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2022-0330" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.5, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2022-002" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-0920" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-4154" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-0435" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22942" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-25315" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-25236" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-25235" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-23308" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-23852" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22822" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22823" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22827" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0392" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0261" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-31566" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22826" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3999" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0413" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-23219" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22824" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-45960" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-23218" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22825" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-23177" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-46143" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0516" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0361" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0359" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0318" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-4083" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4083" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19603" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21684" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36085" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36084" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-41190" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3445" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-4122" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36087" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-42574" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14155" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13435" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33560" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16135" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3426" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22817" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3572" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20232" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22925" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44716" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1396" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17594" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22876" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12762" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36221" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28153" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0532" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3577" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22898" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22816" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3580" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3800" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21684" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24407" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3200" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24370" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0778" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3521" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25709" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44717" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0235" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0155" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0536" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1083" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23566" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0144" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0822" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0821" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-4028" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0823" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4028" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0831" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0819" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-007117" }, { "db": "PACKETSTORM", "id": "166789" }, { "db": "PACKETSTORM", "id": "166516" }, { "db": "PACKETSTORM", "id": "166280" }, { "db": "PACKETSTORM", "id": "166282" }, { "db": "PACKETSTORM", "id": "166281" }, { "db": "PACKETSTORM", "id": "166265" }, { "db": "PACKETSTORM", "id": "166264" }, { "db": "CNNVD", "id": "CNNVD-202203-522" }, { "db": "NVD", "id": "CVE-2022-0847" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-0847" }, { "db": "JVNDB", "id": "JVNDB-2022-007117" }, { "db": "PACKETSTORM", "id": "166789" }, { "db": "PACKETSTORM", "id": "166516" }, { "db": "PACKETSTORM", "id": "166280" }, { "db": "PACKETSTORM", "id": "166282" }, { "db": "PACKETSTORM", "id": "166281" }, { "db": "PACKETSTORM", "id": "166265" }, { "db": "PACKETSTORM", "id": "166264" }, { "db": "CNNVD", "id": "CNNVD-202203-522" }, { "db": "NVD", "id": "CVE-2022-0847" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-10T00:00:00", "db": "VULMON", "id": "CVE-2022-0847" }, { "date": "2023-07-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-007117" }, { "date": "2022-04-20T15:12:33", "db": "PACKETSTORM", "id": "166789" }, { "date": "2022-03-29T15:53:19", "db": "PACKETSTORM", "id": "166516" }, { "date": "2022-03-11T16:38:56", "db": "PACKETSTORM", "id": "166280" }, { "date": "2022-03-11T16:39:27", "db": "PACKETSTORM", "id": "166282" }, { "date": "2022-03-11T16:39:13", "db": "PACKETSTORM", "id": "166281" }, { "date": "2022-03-11T16:31:15", "db": "PACKETSTORM", "id": "166265" }, { "date": "2022-03-11T16:31:02", "db": "PACKETSTORM", "id": "166264" }, { "date": "2022-03-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-522" }, { "date": "2022-03-10T17:44:57.283000", "db": "NVD", "id": "CVE-2022-0847" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-01-12T00:00:00", "db": "VULMON", "id": "CVE-2022-0847" }, { "date": "2023-07-12T06:29:00", "db": "JVNDB", "id": "JVNDB-2022-007117" }, { "date": "2022-08-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-522" }, { "date": "2024-07-02T17:05:01.307000", "db": "NVD", "id": "CVE-2022-0847" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-522" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Linux\u00a0Kernel\u00a0 Initialization vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-007117" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-522" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.