VIR Vulnerability Intelligence Relay

CVE-2022-0617

medium
Published 2022-11-15 Β· Modified 2022-11-18
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
β€”
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
5.5

Description

Moderate: kernel security, bug fix, and enhancement update

Predictions

Exploit likelihood
20%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata β€” Red Hat Inc. Β· View original β†— Β· Open-Errata-API

Description kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback Red Hat statement As the UDF module (udf.ho) will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions: # echo "install udf /bin/true" >> /etc/modprobe.d/disable-udf.conf If the system requires this module t\work correctly, this…

Workaround

may not be suitable. If you need further assistance, see the KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.

Description

kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback

Red Hat statement

As the UDF module (udf.ho) will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions: # echo "install udf /bin/true" >> /etc/modprobe.d/disable-udf.conf If the system requires this module t\work correctly, this mitigation may not be suitable. If you need further assistance, see the KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.

CVSS v3: 4.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

ProductPackageAdvisoryReleased
Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-425.3.1.rt7.213.el8RHSA-2022:74442022-11-08T00:00:00Z
Red Hat Enterprise Linux 8kernel-0:4.18.0-425.3.1.el8RHSA-2022:76832022-11-08T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Supportkernel-0:4.18.0-372.91.1.el8_6RHSA-2024:07242024-02-07T00:00:00Z
Red Hat Enterprise Linux 9kernel-0:5.14.0-162.6.1.el9_1RHSA-2022:82672022-11-15T00:00:00Z
Red Hat Enterprise Linux 9kernel-rt-0:5.14.0-162.6.1.rt21.168.el9_1RHSA-2022:79332022-11-15T00:00:00Z
Red Hat Enterprise Linux 9kernel-0:5.14.0-162.6.1.el9_1RHSA-2022:82672022-11-15T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8kernel-0:4.18.0-372.91.1.el8_6RHSA-2024:07242024-02-07T00:00:00Z

Package state

ProductPackageState
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope

Apply commands

bash fix
Apply RHSA-2022:7444 for Red Hat Enterprise Linux 8
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt

Affected

VendorProductVersion
redhatRed Hat Enterprise Linux 6Not affected

OS impact
suse SUSE Affected 1 release
VersionStatusFixed in
β€” Affected β€”
almalinux AlmaLinux Fixed 1 release
VersionStatusFixed in
9 Fixed kernel-rt-debug-core-5.14.0-162.6.1.rt21.168.el9_1.x86_64.rpm
debian Debian Fixed 5 releases
VersionStatusFixed in
trixie Fixed 5.16.7-1
sid Fixed 5.16.7-1
forky Fixed 5.16.7-1
bullseye Fixed 5.10.103-1
bookworm Fixed 5.16.7-1
redhat Red Hat Fixed 2 releases
VersionStatusFixed in
9 Fixed β€”
8 Fixed β€”
rockylinux Rocky Linux Fixed 1 release
VersionStatusFixed in
8 Fixed β€”

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.