{"containers": {"cna": {"affected": [{"product": "kernel", "vendor": "n/a", "versions": [{"status": "affected", "version": "kernel 5.15 rc6"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS)."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-681", "description": "CWE-681", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-25T16:44:33", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042822"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-0322", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "kernel", "version": {"version_data": [{"version_value": "kernel 5.15 rc6"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-681"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2042822", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042822"}, {"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c"}, {"name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:25:40.198Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042822"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-0322", "datePublished": "2022-03-25T18:02:58", "dateReserved": "2022-01-20T00:00:00", "dateUpdated": "2024-08-02T23:25:40.198Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "037A6DFB-B41D-4CC7-86C1-A201809B79C4", "versionEndExcluding": "5.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*", "matchCriteriaId": "40D9C0D1-0F32-4A2B-9840-1072F5497540", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "E46C74C6-B76B-4C94-A6A4-FD2FFF62D644", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "60134C3A-06E4-48C1-B04F-2903732A4E56", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "0460DA88-8FE1-46A2-9DDA-1F1ABA552E71", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*", "matchCriteriaId": "AF55383D-4DF2-45DC-93F7-571F4F978EAB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*", "matchCriteriaId": "9E9481B2-8AA6-4CBD-B5D3-C10F51FF6D01", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9955F62A-75D3-4347-9AD3-5947FC365838", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7A6D77C7-A2F4-4700-AB5A-3EC853496ECA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS)."}, {"lang": "es", "value": "Se ha encontrado un fallo en la funci\u00f3n sctp_make_strreset_req en el archivo net/sctp/sm_make_chunk.c en el protocolo de red SCTP en el kernel de Linux con un acceso de privilegio de usuario local. En este fallo, un intento de usar m\u00e1s b\u00fafer del asignado desencadena un problema BUG_ON, conllevando a una denegaci\u00f3n de servicio (DOS)"}], "id": "CVE-2022-0322", "lastModified": "2023-02-02T17:17:42.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-25T19:15:09.967", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042822"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-704"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-681"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:1975", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}, {"advisory": "RHSA-2022:1988", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-372.9.1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}], "bugzilla": {"description": "kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c", "id": "2042822", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042822"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-681", "details": ["A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).", "A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS)."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is to skip loading the affected module SCTP onto the system. Until we have a fix available, this can be done by a blacklist mechanism and will ensure the driver is not loaded at the boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~"}, "name": "CVE-2022-0322", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-10-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-0322\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0322\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c"], "threat_severity": "Moderate", "upstream_fix": "kernel 5.15 rc6"}