{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-1184", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-02T23:55:24.530Z", "dateReserved": "2022-03-30T00:00:00", "datePublished": "2022-08-29T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-11-01T00:00:00"}, "descriptions": [{"lang": "en", "value": "A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel\u2019s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service."}], "affected": [{"vendor": "n/a", "product": "Kernel", "versions": [{"version": "Not-known", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070205"}, {"url": "https://access.redhat.com/security/cve/CVE-2022-1184"}, {"url": "https://ubuntu.com/security/CVE-2022-1184"}, {"name": "DSA-5257", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5257"}, {"name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-416 - Use After Free", "cweId": "CWE-416"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:55:24.530Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070205", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2022-1184", "tags": ["x_transferred"]}, {"url": "https://ubuntu.com/security/CVE-2022-1184", "tags": ["x_transferred"]}, {"name": "DSA-5257", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5257"}, {"name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9C64950-F22D-4306-B3A7-EAE45176299B", "versionEndExcluding": "4.9.138", "versionStartExcluding": "2.6.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "710B94A9-F09F-4B18-9D38-0FDBC004BB21", "versionEndExcluding": "4.14.283", "versionStartExcluding": "4.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94240ABF-996C-4B73-8612-9B1102881F8A", "versionEndExcluding": "4.19.247", "versionStartExcluding": "4.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "226DC59F-A75D-47CE-BAB5-DFA20C8E4A46", "versionEndExcluding": "5.4.198", "versionStartExcluding": "5.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDEF9A49-C2F9-41C6-9947-52E8D13E4E53", "versionEndExcluding": "5.10.121", "versionStartExcluding": "5.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "77578AA5-6692-47CA-BC03-E99D59007463", "versionEndExcluding": "5.15.46", "versionStartExcluding": "5.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "597F5F18-F0BA-4627-A9A9-F35141387244", "versionEndExcluding": "5.17.14", "versionStartExcluding": "5.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE4422AF-02DF-4A4E-8EE6-6437A19A5D93", "versionEndExcluding": "5.18.3", "versionStartExcluding": "5.18", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*", "matchCriteriaId": "6F62EECE-8FB1-4D57-85D8-CB9E23CF313C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "4F76C298-81DC-43E4-8FC9-DC005A2116EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "0AB349B2-3F78-4197-882B-90ADB3BF645A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "6AC88830-A9BC-4607-B572-A4B502FC9FD0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*", "matchCriteriaId": "476CB3A5-D022-4F13-AAEF-CB6A5785516A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*", "matchCriteriaId": "8CFD5CDD-1709-44C7-82BD-BAFDC46990D6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel\u2019s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service."}, {"lang": "es", "value": "Se ha detectado un fallo de uso de memoria previamente liberada en el archivo fs/ext4/namei.c:dx_insert_block() en el subcomponente del sistema de archivos del kernel de Linux. Este fallo permite a un atacante local con privilegios de usuario causar una denegaci\u00f3n de servicio"}], "id": "CVE-2022-1184", "lastModified": "2023-12-20T20:10:36.557", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-29T15:15:10.413", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-1184"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070205"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://ubuntu.com/security/CVE-2022-1184"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5257"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Wenqing Liu for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:7444", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-425.3.1.rt7.213.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2022:7683", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-425.3.1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2024:1877", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "kernel-0:4.18.0-372.100.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:7933", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "package": "kernel-rt-0:5.14.0-162.6.1.rt21.168.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2024:1877", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "kernel-0:4.18.0-372.100.1.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2024-04-18T00:00:00Z"}], "bugzilla": {"description": "kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image", "id": "2070205", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070205"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel\u2019s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.", "A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel\u2019s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2022-1184", "public_date": "2022-04-18T05:39:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-1184\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1184"], "threat_severity": "Moderate"}