Vulnerability CVE-2022-0998: Information

Description

An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-0998

Published: March 30, 2022

Modified: Nov. 7, 2023

Error type identifier: CWE-190

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
kernel-image-mp	sisyphus	5.15.12-alt1	6.9.4-alt1	ALT-PU-2021-3644-1	292782	Fixed
kernel-image-mp	p10	6.1.19-alt1	6.1.19-alt1	ALT-PU-2023-4894-3	327092	Fixed
kernel-image-mp	p11	5.15.12-alt1	6.8.8-alt1	ALT-PU-2021-3644-1	292782	Fixed
kernel-image-rpi-def	sisyphus	5.15.25-alt1	5.15.92-alt2	ALT-PU-2022-1419-1	296090	Fixed
kernel-image-rpi-def	p10	5.15.25-alt1	5.15.92-alt2	ALT-PU-2022-1421-1	296181	Fixed
kernel-image-rpi-def	p11	5.15.25-alt1	5.15.92-alt2	ALT-PU-2022-1419-1	296090	Fixed
kernel-image-rpi-un	sisyphus	5.15.13-alt1	6.6.23-alt1	ALT-PU-2022-1015-1	293241	Fixed
kernel-image-rpi-un	p10	5.15.13-alt1	6.1.77-alt1	ALT-PU-2022-1016-1	293286	Fixed
kernel-image-rpi-un	p11	5.15.13-alt1	6.6.23-alt1	ALT-PU-2022-1015-1	293241	Fixed
kernel-image-rt	sisyphus	5.10.90-alt1.rt60	6.1.92-alt1.rt32	ALT-PU-2022-1012-1	293156	Fixed
kernel-image-rt	p10	5.10.100-alt1.rt62	5.10.218-alt1.rt110	ALT-PU-2022-1428-1	295376	Fixed
kernel-image-rt	p11	5.10.90-alt1.rt60	6.1.90-alt2.rt30	ALT-PU-2022-1012-1	293156	Fixed
kernel-image-std-def	sisyphus	5.10.88-alt1	6.1.93-alt1	ALT-PU-2021-3611-1	292506	Fixed
kernel-image-std-def	p10	5.10.88-alt1	5.10.218-alt1	ALT-PU-2021-3636-1	292505	Fixed
kernel-image-std-def	c9f2	5.10.104-alt0.c9f.2	5.10.214-alt0.c9f.2	ALT-PU-2022-1467-1	296399	Fixed
kernel-image-std-def	p11	5.10.88-alt1	6.1.91-alt1	ALT-PU-2021-3611-1	292506	Fixed
kernel-image-std-kvm	sisyphus	5.10.91-alt1	5.10.176-alt1	ALT-PU-2022-1057-1	293503	Fixed
kernel-image-std-kvm	p11	5.10.91-alt1	5.10.176-alt1	ALT-PU-2022-1057-1	293503	Fixed
kernel-image-un-def	sisyphus	5.15.11-alt1	6.6.33-alt1	ALT-PU-2021-3610-1	292507	Fixed
kernel-image-un-def	sisyphus_riscv64	5.16.8-alt1.rv64	6.6.32-alt1.0.port	ALT-PU-2022-3985-1	-	Fixed
kernel-image-un-def	p10	5.15.11-alt2	6.1.90-alt1	ALT-PU-2021-3660-1	291610	Fixed
kernel-image-un-def	p9	5.10.89-alt1	5.10.218-alt1	ALT-PU-2022-1017-1	292817	Fixed
kernel-image-un-def	c10f1	5.15.11-alt2	6.1.85-alt0.c10f.1	ALT-PU-2021-3660-1	291610	Fixed
kernel-image-un-def	p11	5.15.11-alt1	6.6.31-alt1	ALT-PU-2021-3610-1	292507	Fixed
linux-tools	sisyphus_riscv64	5.16-alt1	6.9-alt1	ALT-PU-2022-3659-1	-	Fixed
linux-tools	p10	6.1-alt0.p10.1	6.1-alt0.p10.1	ALT-PU-2023-4282-2	323593	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
[oss-security] 20220402 Re: [PATCH AUTOSEL 5.15 13/16] vdpa: clean up get_config_size ret value handling	Mailing List Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20220513-0003/	Third Party Advisory
https://lore.kernel.org/netdev/20220123001216.2460383-13-sashal%40kernel.org/

Affected configurations:
1. Configuration 1
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  5.7
  End excliding
  5.10.88
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  5.11
  End excliding
  5.15.11
  
  Configuration 2
  cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
  
  Configuration 5
  cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
  
  Configuration 6
  cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
  
  Configuration 7
  cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
  
  Configuration 8
  cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
  
  Configuration 9
  cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2022-0998: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Configuration 7

Configuration 8

Configuration 9