{"containers": {"cna": {"affected": [{"product": "kernel", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in kernel v5.14 rc1"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-29T14:03:05", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060606"}, {"tags": ["x_refsource_MISC"], "url": "https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce3aba43599f0b50adbebff133df8d08a3d5fffe"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2022-0850"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-0850", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "kernel", "version": {"version_data": [{"version_value": "Fixed in kernel v5.14 rc1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor."}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2060606", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060606"}, {"name": "https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8", "refsource": "MISC", "url": "https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8"}, {"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce3aba43599f0b50adbebff133df8d08a3d5fffe", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce3aba43599f0b50adbebff133df8d08a3d5fffe"}, {"name": "https://access.redhat.com/security/cve/CVE-2022-0850", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2022-0850"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:40:04.478Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060606"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce3aba43599f0b50adbebff133df8d08a3d5fffe"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2022-0850"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-0850", "datePublished": "2022-08-29T14:03:05", "dateReserved": "2022-03-04T00:00:00", "dateUpdated": "2024-08-02T23:40:04.478Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "10282F37-B17F-4974-967E-FCD5ABC9AB8E", "versionEndExcluding": "4.4.276", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C79FFC06-9530-4CD7-B651-01D786CC925E", "versionEndExcluding": "4.9.276", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB359B2E-773D-4D52-9915-E07A47ABE72B", "versionEndExcluding": "4.14.240", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B93AEDB9-C52B-4222-8F9A-882DAD9EF5B2", "versionEndExcluding": "4.19.198", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5966F80-A617-4D4E-BD72-700667B23F59", "versionEndExcluding": "5.4.132", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A75FED7E-35B9-47D5-BAC3-2E805AFB1EAC", "versionEndExcluding": "5.10.50", "versionStartIncluding": "5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D020659-CECE-4B3C-A79E-294AB144C598", "versionEndExcluding": "5.12.17", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "471B868E-37A7-4831-8A1B-85BB20D2F990", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en el kernel de linux, donde es producido un filtrado de informaci\u00f3n por medio de la funci\u00f3n ext4_extent_header al espacio de usuario"}], "id": "CVE-2022-0850", "lastModified": "2024-11-21T06:39:31.500", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-29T15:15:09.920", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-0850"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060606"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce3aba43599f0b50adbebff133df8d08a3d5fffe"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-0850"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060606"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce3aba43599f0b50adbebff133df8d08a3d5fffe"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank elijahbai (Tencent Security Yunding Lab) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:1975", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}, {"advisory": "RHSA-2022:1988", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-372.9.1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}], "bugzilla": {"description": "kernel: information leak in copy_page_to_iter() in iov_iter.c", "id": "2060606", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060606"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "status": "verified"}, "cwe": "CWE-200", "details": ["A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.", "An information leak flaw was found via ext4_extent_header in fs/ext4/extents.c in the Linux kernel. This flaw could allow a local attacker to cause a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2022-0850", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-05-06T19:30:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-0850\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0850\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce3aba43599f0b50adbebff133df8d08a3d5fffe\nhttps://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8"], "threat_severity": "Moderate"}

{}