Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.4
CVSSv3

CVE-2022-0494

Published: 25/03/2022 Updated: 07/11/2023
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 4.4 | Impact Score: 3.6 | Exploitability Score: 0.8
VMScore: 437
Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N
Subscribe to Linux

Vulnerability Summary

A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c function in RPCRDMA_HDRLEN_MIN (7) (in rpcrdma_max_call_header_size, rpcrdma_max_reply_header_size). This flaw allows an attacker with normal user privileges to leak kernel information. (CVE-2022-0812) Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port generation algorithm in the net/ipv4/tcp.c function. This flaw allows an malicious user to leak information and may cause a denial of service. (CVE-2022-1012) A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. (CVE-2022-1184) A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. (CVE-2022-1966) net/netfilter/nf_tables_api.c in the Linux kernel up to and including 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250) The Linux kernel prior to 5.17.9 allows TCP servers to identify clients by observing what source ports are used. (CVE-2022-32296) An issue exists in the Linux kernel up to and including 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

linux linux kernel 5.17

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Debian Security Advisories: DSA-5173-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2021-4197 Eric Biederman reported that incorrect permission checks in the cgroup process migration implementation can allow a local attacker to escalate privileges CVE-2022-0494 The ...
Debian Security Advisories: DSA-5161-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2022-0494 The scsi_ioctl() was susceptible to an information leak only exploitable by users with CAP_SYS_ADMIN or CAP_SYS_RAWIO capabilities CVE-2022-0854 Ali Haider discovered a pot ...
Amazon Linux AMI: ALAS-2022-1604
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctlc in the Linux kernel This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality (CVE-2022-0494) An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtr ...
Ubuntu Security Notice: USN-5381-1: Linux kernel (OEM) vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5560-2: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5560-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5582-1: Linux kernel (Azure CVM) vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5562-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat: Important: OpenShift Container Platform 4.11.12 security update
Synopsis Important: OpenShift Container Platform 41112 security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 41112 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impac ...
Red Hat: Moderate: kernel security and bug fix update
Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security ...
Red Hat: Important: OpenShift Virtualization 4.8.7 Images bug fixes and security update
Synopsis Important: OpenShift Virtualization 487 Images bug fixes and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 487 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a secur ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this upd ...
Red Hat: Moderate: kernel-rt security and bug fix update
Synopsis Moderate: kernel-rt security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Sec ...
Red Hat: Important: OpenShift Container Platform 4.10.31 security update
Synopsis Important: OpenShift Container Platform 41031 security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 41031 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact ...
Red Hat: Moderate: Openshift Logging 5.3.13 security and bug fix release
Synopsis Moderate: Openshift Logging 5313 security and bug fix release Type/Severity Security Advisory: Moderate Topic An update is now available for OpenShift Logging 53Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed se ...
Red Hat: Important: OpenShift Virtualization 4.9.6 Images security and bug fix update
Synopsis Important: OpenShift Virtualization 496 Images security and bug fix update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 496 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a securit ...
Red Hat: Important: kernel security, bug fix, and enhancement update
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated ...
Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates
Synopsis Moderate: Red Hat Advanced Cluster Management 248 security fixes and container updates Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 248 GeneralAvailability release images, which fix security issuesRed Hat Product Security has rated this update as having a security impactof Mo ...
Red Hat: Important: OpenShift Container Platform 4.9.48 bug fix and security update
Synopsis Important: OpenShift Container Platform 4948 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4948 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Co ...
Red Hat: Moderate: OpenShift Container Platform 4.9.48 extras security update
Synopsis Moderate: OpenShift Container Platform 4948 extras security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4948 is now available withupdates to packages and images that fix several bugsRed Hat Product Security has rated this update as having a security impact of Moderate A Co ...
Red Hat: Moderate: Logging Subsystem 5.5.4 - Red Hat OpenShift security update
Synopsis Moderate: Logging Subsystem 554 - Red Hat OpenShift security update Type/Severity Security Advisory: Moderate Topic Logging Subsystem 554 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...
Red Hat: Moderate: kernel security, bug fix, and enhancement update
Synopsis Moderate: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated th ...
Red Hat: Moderate: kernel-rt security and bug fix update
Synopsis Moderate: kernel-rt security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this updat ...
Red Hat: Important: OpenShift Container Platform 4.8.49 security update
Synopsis Important: OpenShift Container Platform 4849 security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4849 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impactof ...
Red Hat: Moderate: OpenShift Container Platform 4.7.59 bug fix and security update
Synopsis Moderate: OpenShift Container Platform 4759 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4759 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Cont ...
Red Hat: Moderate: Red Hat Advanced Cluster Management 2.6.2 security update and bug fixes
Synopsis Moderate: Red Hat Advanced Cluster Management 262 security update and bug fixes Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 262 GeneralAvailability release images, which fix bugs and update container imagesRed Hat Product Security has rated this update as having a security i ...
Amazon Linux 2: ALAS2KERNEL-5.10-2022-014
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctlc in the Linux kernel This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality (CVE-2022-0494) A memory leak flaw was found in the Linux kernel's DMA subsystem, in the wa ...
Amazon Linux 2: ALAS2KERNEL-5.4-2022-026
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctlc in the Linux kernel This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality (CVE-2022-0494) A memory leak flaw was found in the Linux kernel's DMA subsystem, in the wa ...
Amazon Linux 2: ALAS2-2022-1813
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctlc in the Linux kernel This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality (CVE-2022-0494) An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtr ...

References

CWE-908https://bugzilla.redhat.com/show_bug.cgi?id=2039448https://www.debian.org/security/2022/dsa-5161https://lists.debian.org/debian-lts-announce/2022/07/msg00000.htmlhttps://www.debian.org/security/2022/dsa-5173https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel%40gmail.com/https://nvd.nist.govhttps://www.debian.org/security/2022/dsa-5173https://ubuntu.com/security/notices/USN-5381-1https://alas.aws.amazon.com/ALAS-2022-1604.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook