CVE-2022-4379

CVSS V2 None CVSS V3 None

Description

A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial

Overview

CVE ID
CVE-2022-4379

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2023-01-10T22:15:14

Last Modified Date
2023-02-12T22:15:34

Weakness Enumerations

CWE	URL
CWE-416	http://cwe.mitre.org/data/definitions/416.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:o:linux:linux_kernel::::::::	1	OR		6.1
cpe:2.3:o:linux:linux_kernel:6.1:-::::::	1	OR
cpe:2.3:o:linux:linux_kernel:6.1:rc1::::::	1	OR
cpe:2.3:o:linux:linux_kernel:6.1:rc2::::::	1	OR
cpe:2.3:o:linux:linux_kernel:6.1:rc3::::::	1	OR
cpe:2.3:o:linux:linux_kernel:6.1:rc4::::::	1	OR
cpe:2.3:o:linux:linux_kernel:6.1:rc5::::::	1	OR
cpe:2.3:o:linux:linux_kernel:6.1:rc6::::::	1	OR
cpe:2.3:o:linux:linux_kernel:6.1:rc7::::::	1	OR
cpe:2.3:o:linux:linux_kernel:6.1:rc8::::::	1	OR

References

Reference URL	Reference Tags
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0	Patch Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da	Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LECFVUHKIRBV5JJBE3KQCLGKNYJPBRCN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAVD6JIILAVSRHZ4VXSV3RAAGUXKVXZA/
https://seclists.org/oss-sec/2022/q4/185	Mailing List Third Party Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-4379
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4379

History

Created	Old Value	New Value	Data Type	Notes
2023-01-10 22:20:24				Added to TrackCVE
2023-01-10 22:20:24			Weakness Enumeration	new
2023-01-12 05:16:44		2023-01-11T15:09:48	CVE Modified Date	updated
2023-01-12 05:16:44	Received	Awaiting Analysis	Vulnerability Status	updated
2023-01-13 16:17:47	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2023-01-14 05:14:30		2023-01-14T04:36:39	CVE Modified Date	updated
2023-01-14 05:14:30	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-01-14 05:14:32			CPE Information	updated
2023-01-15 04:15:29		2023-01-15T04:15:07	CVE Modified Date	updated
2023-01-15 04:15:29	Analyzed	Modified	Vulnerability Status	updated
2023-01-15 04:15:30			References	updated
2023-01-18 15:15:18	Modified	Undergoing Analysis	Vulnerability Status	updated
2023-01-18 19:18:50		2023-01-18T18:38:33	CVE Modified Date	updated
2023-01-18 19:18:50	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-02-12 22:19:26		2023-02-12T22:15:34	CVE Modified Date	updated
2023-02-12 22:19:26	Analyzed	Modified	Vulnerability Status	updated