Vulnerability Name:

CVE-2022-28893 (CCN-223864)

Assigned:2022-04-11
Published:2022-04-11
Updated:2023-05-15
Summary:
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
6.6 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)
5.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2022-28893

Source: cve@mitre.org
Type: Mailing List, Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Issue Tracking, Mailing List, Patch
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Patch, Third Party Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
linux-kernel-cve202228893-code-exec(223864)

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: CCN
Type: Linux Kernel GIT Repository
SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()

Source: CCN
Type: oss-sec Mailing List, Mon, 11 Apr 2022 16:20:56 +0800
CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: CCN
Type: IBM Security Bulletin 6854985 (Spectrum Copy Data Management)
Vulnerabilities in Linux Kernel and Golang Go might affect IBM Spectrum Copy Data Management

Source: CCN
Type: IBM Security Bulletin 6965816 (Spectrum Protect Plus)
Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::nfv:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:8::realtime:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*
    • Configuration RedHat 7:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*
    • Configuration RedHat 8:
  • cpe:/a:redhat:enterprise_linux:9::nfv:*:*:*:*:*
    • Configuration RedHat 9:
  • cpe:/a:redhat:enterprise_linux:9::realtime:*:*:*:*:*
    • Configuration RedHat 10:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*
    • Configuration RedHat 11:
  • cpe:/a:redhat:enterprise_linux:9::crb:*:*:*:*:*
    • Configuration RedHat 12:
  • cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*
    • Configuration RedHat 13:
  • cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:5.17.2:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_copy_data_management:2.2.0.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8029
    P
    		kernel-docs-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:8090
    P
    		reiserfs-kmp-default-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7539
    P
    		kernel-64kb-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-12
    oval:com.redhat.rhsa:def:20227933
    P
    		RHSA-2022:7933: kernel-rt security and bug fix update (Moderate)
    2022-11-15
    oval:com.redhat.rhsa:def:20228267
    P
    		RHSA-2022:8267: kernel security, bug fix, and enhancement update (Moderate)
    2022-11-15
    oval:com.redhat.rhsa:def:20227683
    P
    		RHSA-2022:7683: kernel security, bug fix, and enhancement update (Moderate)
    2022-11-08
    oval:com.redhat.rhsa:def:20227444
    P
    		RHSA-2022:7444: kernel-rt security and bug fix update (Moderate)
    2022-11-08
    oval:org.opensuse.security:def:3448
    P
    		busybox-1.21.1-3.3 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3453
    P
    		clamav-0.101.3-1.19 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3567
    P
    		libXtst6-1.2.2-7.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3398
    P
    		wpa_supplicant-2.6-15.10.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95083
    P
    		kernel-azure-5.14.21-150400.12.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94590
    P
    		kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95197
    P
    		kernel-default-extra-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95028
    P
    		kernel-docs-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2960
    P
    		kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95078
    P
    		reiserfs-kmp-default-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:118737
    P
    		Security update for the Linux Kernel (Important)
    2022-06-16
    oval:org.opensuse.security:def:119607
    P
    		Security update for the Linux Kernel (Important)
    2022-06-16
    oval:org.opensuse.security:def:118927
    P
    		Security update for the Linux Kernel (Important)
    2022-06-16
    oval:org.opensuse.security:def:118189
    P
    		Security update for the Linux Kernel (Important)
    2022-06-16
    oval:org.opensuse.security:def:119232
    P
    		Security update for the Linux Kernel (Important)
    2022-06-16
    oval:org.opensuse.security:def:118647
    P
    		Security update for the Linux Kernel (Important)
    2022-06-16
    oval:org.opensuse.security:def:119422
    P
    		Security update for the Linux Kernel (Important)
    2022-06-16
    oval:org.opensuse.security:def:42282
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:1760
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:890
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:1559
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:42284
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:1803
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:1168
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:1596
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:481
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:42381
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:1234
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:1750
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:42383
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:1350
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    BACK
    linux linux kernel 5.17.2
    ibm spectrum protect plus 10.1.0
    ibm spectrum copy data management 2.2.0.0