Vulnerability Details : CVE-2022-1678
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.
Products affected by CVE-2022-1678
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
- Netapp » E-series Santricity Os ControllerVersions from including (>=) 11.0 and up to, including, (<=) 11.70.2cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-1678
0.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-1678
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST | |
5.9
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.2
|
3.6
|
OpenAnolis |
CWE ids for CVE-2022-1678
-
The product uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count.Assigned by: security@openanolis.org (Secondary)
References for CVE-2022-1678
-
https://security.netapp.com/advisory/ntap-20220715-0001/
CVE-2022-1678 Linux Kernel Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a
tcp: fix possible socket leaks in internal pacing mode · torvalds/linux@0a70f11 · GitHubPatch;Third Party Advisory
-
https://anas.openanolis.cn/errata/detail/ANSA-2022:0143
ANSA-2022:0143 - ANAS(OpenAnolis Advisory System)Third Party Advisory
-
https://anas.openanolis.cn/cves/detail/CVE-2022-1678
CVE-2022-1678 - ANAS(OpenAnolis Advisory System)Third Party Advisory
-
https://bugzilla.openanolis.cn/show_bug.cgi?id=61
61 – TCP sock leaks with BBR internal pacingIssue Tracking;Patch;Third Party Advisory
-
https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing@gmail.com/
[PATCH] tcp: fix TCP socks unreleased in BBR mode - kerneljasonxingExploit;Patch;Vendor Advisory
-
https://gitee.com/anolis/cloud-kernel/commit/bed537da691b
Login - GiteePermissions Required
Jump to