A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2048738 | Issue Tracking Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220602-0001/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2022/02/10/1 | Exploit Mailing List Mitigation Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
History
19 Oct 2022, 15:25
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220602-0001/ - Third Party Advisory | |
First Time |
Netapp h500e
Netapp h700e Firmware Netapp h500s Netapp h700s Netapp h500e Firmware Netapp h300s Netapp h700e Netapp h410s Firmware Netapp Netapp h300s Firmware Netapp h700s Firmware Netapp h300e Netapp h410s Netapp h300e Firmware Netapp h500s Firmware |
|
CPE | cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:* |
02 Jun 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Apr 2022, 19:43
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat codeready Linux Builder
Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux For Real Time Tus Redhat codeready Linux Builder Eus Ovirt node Redhat enterprise Linux For Real Time For Nfv Redhat enterprise Linux Eus Redhat enterprise Linux Server Tus Ovirt Redhat enterprise Linux Server Aus Fedoraproject fedora Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Redhat enterprise Linux Server Update Services For Sap Solutions Fedoraproject Redhat virtualization Linux linux Kernel Redhat enterprise Linux Linux Redhat codeready Linux Builder Eus For Power Little Endian Redhat enterprise Linux For Real Time Redhat codeready Linux Builder For Power Little Endian Eus Redhat enterprise Linux For Real Time For Nfv Tus Redhat enterprise Linux For Ibm Z Systems Eus Redhat virtualization Host Redhat |
|
References | (MISC) https://www.openwall.com/lists/oss-security/2022/02/10/1 - Exploit, Mailing List, Mitigation, Patch, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2048738 - Issue Tracking, Patch, Third Party Advisory | |
CPE | cpe:2.3:a:redhat:codeready_linux_builder_eus:8.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* cpe:2.3:o:ovirt:node:4.4.10:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.4:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 9.0
v3 : 8.8 |
CWE | CWE-787 |
25 Mar 2022, 19:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-25 19:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-0435
Mitre link : CVE-2022-0435
CVE.ORG link : CVE-2022-0435
JSON object : View
Products Affected
netapp
- h700e
- h700s_firmware
- h500s_firmware
- h700s
- h700e_firmware
- h300e_firmware
- h300s_firmware
- h500e_firmware
- h500s
- h410s_firmware
- h300e
- h410s
- h300s
- h500e
redhat
- enterprise_linux_server_aus
- codeready_linux_builder_for_power_little_endian_eus
- enterprise_linux_for_ibm_z_systems_eus
- enterprise_linux_for_power_little_endian_eus
- enterprise_linux_server_tus
- enterprise_linux_server_update_services_for_sap_solutions
- virtualization_host
- enterprise_linux_for_real_time_for_nfv
- codeready_linux_builder
- enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
- enterprise_linux
- enterprise_linux_for_ibm_z_systems
- virtualization
- enterprise_linux_for_real_time
- enterprise_linux_for_power_little_endian
- codeready_linux_builder_eus
- enterprise_linux_for_real_time_tus
- enterprise_linux_eus
- codeready_linux_builder_eus_for_power_little_endian
- enterprise_linux_for_real_time_for_nfv_tus
linux
- linux_kernel
ovirt
- node
fedoraproject
- fedora
CWE
CWE-787
Out-of-bounds Write