Vulnerability CVE-2022-0850

Vulnerability Name:

CVE-2022-0850 (CCN-224232)

Assigned:

2022-03-03

Published:

2022-03-03

Updated:

2022-09-06

Summary:

A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.

CVSS v3 Severity:

7.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
6.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): High

4.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L)
3.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

3.2 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2022-0850

Source: MISC
Type: Third Party Advisory
https://access.redhat.com/security/cve/CVE-2022-0850

Source: CCN
Type: Red Hat Bugzilla - Bug 2060606
CVE-2022-0850 kernel: information leak in copy_page_to_iter() in iov_iter.c

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2060606

Source: XF
Type: UNKNOWN
linux-kernel-cve20220850-info-disc(224232)

Source: CCN
Type: Linux Kernel GIT Repository
ext4: fix kernel infoleak via ext4_extent_header

Source: MISC
Type: Mailing List, Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce3aba43599f0b50adbebff133df8d08a3d5fffe

Source: MISC
Type: Exploit, Mailing List, Third Party Advisory
https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8

Source: CCN
Type: IBM Security Bulletin 6593539 (Spectrum Copy Data Management)
Vulnerabilities in the Linux Kernel affect IBM Spectrum Copy Data Management

Source: CCN
Type: IBM Security Bulletin 6596971 (Spectrum Protect Plus)
Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2022-0850

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version < 5.14)

Configuration CCN 1:

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

AND

cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_copy_data_management:2.2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_copy_data_management:2.2.15.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42370	P	Security update for the Linux Kernel (Important)	2022-04-26
oval:org.opensuse.security:def:42269	P	Security update for the Linux Kernel (Important)	2022-04-26
oval:org.opensuse.security:def:102155	P	Security update for the Linux Kernel (Important)	2022-04-26
oval:org.opensuse.security:def:1595	P	Security update for the Linux Kernel (Important)	2022-04-26
oval:org.opensuse.security:def:4733	P	Security update for the Linux Kernel (Important)	2022-04-26
oval:org.opensuse.security:def:42175	P	Security update for the Linux Kernel (Important)	2022-04-19
oval:org.opensuse.security:def:127257	P	Security update for the Linux Kernel (Important)	2022-04-19
oval:org.opensuse.security:def:125349	P	Security update for the Linux Kernel (Important)	2022-04-19
oval:org.opensuse.security:def:125694	P	Security update for the Linux Kernel (Important)	2022-04-19
oval:org.opensuse.security:def:118437	P	Security update for the Linux Kernel (Important)	2022-04-19
oval:org.opensuse.security:def:126860	P	Security update for the Linux Kernel (Important)	2022-04-19
oval:org.opensuse.security:def:6012	P	Security update for the Linux Kernel (Important)	2022-04-19
oval:org.opensuse.security:def:125110	P	Security update for the Linux Kernel (Important)	2022-04-19
oval:org.opensuse.security:def:119177	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:6327	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:118680	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:5220	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:119367	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:118122	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:4294	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:118870	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:6009	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:119552	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:4573	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:42174	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:119060	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:118644	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:1231	P	Security update for the Linux Kernel (Important)	2022-04-13
oval:org.opensuse.security:def:101952	P	Security update for the Linux Kernel (Important)	2022-04-13
oval:org.opensuse.security:def:99471	P	(Important)	2022-04-13
oval:org.opensuse.security:def:1747	P	Security update for the Linux Kernel (Important)	2022-04-13
oval:org.opensuse.security:def:102349	P	Security update for the Linux Kernel (Important)	2022-04-13
oval:org.opensuse.security:def:101586	P	Security update for the Linux Kernel (Important)	2022-04-13
oval:org.opensuse.security:def:42265	P	Security update for the Linux Kernel (Important)	2022-04-13
oval:org.opensuse.security:def:1299	P	Security update for the Linux Kernel (Important)	2022-04-13
oval:org.opensuse.security:def:99733	P	(Important)	2022-04-13
oval:org.opensuse.security:def:1797	P	Security update for the Linux Kernel (Important)	2022-04-13
oval:org.opensuse.security:def:855	P	Security update for the Linux Kernel (Important)	2022-04-13
oval:org.opensuse.security:def:101835	P	Security update for the Linux Kernel (Important)	2022-04-13
oval:org.opensuse.security:def:100399	P	(Important)	2022-04-13
oval:org.opensuse.security:def:1157	P	Security update for the Linux Kernel (Important)	2022-04-13
oval:org.opensuse.security:def:101891	P	Security update for the Linux Kernel (Important)	2022-04-13
oval:org.opensuse.security:def:42368	P	Security update for the Linux Kernel (Important)	2022-04-13
oval:org.opensuse.security:def:102305	P	Security update for the Linux Kernel (Important)	2022-04-13
oval:org.opensuse.security:def:100732	P	(Important)	2022-04-13
oval:org.opensuse.security:def:102121	P	Security update for the Linux Kernel (Important)	2022-04-12
oval:org.opensuse.security:def:1557	P	Security update for the Linux Kernel (Important)	2022-04-12

BACK