{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-2526", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T00:39:08.031Z", "dateReserved": "2022-07-24T00:00:00", "datePublished": "2022-09-09T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-11-14T00:00:00"}, "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later."}], "affected": [{"vendor": "n/a", "product": "systemd-resolved", "versions": [{"version": "systemd 240", "status": "affected"}]}], "references": [{"url": "https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c"}, {"url": "https://security.netapp.com/advisory/ntap-20221111-0005/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-416", "cweId": "CWE-416"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:08.031Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20221111-0005/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:systemd_project:systemd:240:*:*:*:*:*:*:*", "matchCriteriaId": "161BE658-86CC-4F76-8F55-7371B1CE551F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en systemd. Este problema ocurre debido a que las funciones on_stream_io() y dns_stream_complete() en \"resolved-dns-stream.c\" no incrementan el conteo de referencias para el objeto DnsStream. Por lo tanto, otras funciones y callbacks llamados pueden hacer referencia al objeto DNSStream, causando un uso de memoria previamente liberada cuando la referencia sigue us\u00e1ndose m\u00e1s tarde"}], "id": "CVE-2022-2526", "lastModified": "2024-11-21T07:01:11.383", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-09T15:15:10.107", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221111-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221111-0005/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Siddharth Sharma (Red Hat Product Security).", "affected_release": [{"advisory": "RHSA-2022:6160", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "systemd-0:219-78.el7_9.7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-08-24T00:00:00Z"}, {"advisory": "RHSA-2022:6206", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "systemd-0:239-58.el8_6.4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-08-29T00:00:00Z"}, {"advisory": "RHSA-2022:6163", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "systemd-0:239-18.el8_1.11", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-08-24T00:00:00Z"}, {"advisory": "RHSA-2022:6162", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "systemd-0:239-31.el8_2.9", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-08-24T00:00:00Z"}, {"advisory": "RHSA-2022:6161", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "systemd-0:239-45.el8_4.12", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-08-24T00:00:00Z"}, {"advisory": "RHSA-2022:6551", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.5.2-202209140405_8.6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2022-09-19T00:00:00Z"}], "bugzilla": {"description": "systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c", "id": "2109926", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109926"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.", "A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later."], "name": "CVE-2022-2526", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-08-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-2526\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2526"], "statement": "This flaw is rated as important because this flaw can easily compromise the confidentiality, integrity, or availability of resources but that allows local or authenticated users to gain additional privileges, allow unauthenticated remote users to view resources that should otherwise be protected by authentication or other controls, allow authenticated remote users to execute arbitrary code, or allow remote users to cause a denial of service. But this flaw does not easily exploit by a remote unauthenticated attacker.", "threat_severity": "Important", "upstream_fix": "systemd 240"}