CVE-2022-3522 - Vulnerability Details

Vendors	Products
Redhat	Enterprise Linux Rhel Eus Rhev Hypervisor

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-477.10.1.rt7.274.el8_8	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2023:2736	2023-05-16T00:00:00Z
kernel-0:4.18.0-477.10.1.el8_8	cpe:/o:redhat:enterprise_linux:8	RHSA-2023:2951	2023-05-16T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
kernel-0:4.18.0-372.87.1.el8_6	cpe:/o:redhat:rhel_eus:8.6	RHSA-2024:0412	2024-01-25T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-284.11.1.el9_2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:2458	2023-05-09T00:00:00Z
kernel-rt-0:5.14.0-284.11.1.rt14.296.el9_2	cpe:/a:redhat:enterprise_linux:9::nfv	RHSA-2023:2148	2023-05-09T00:00:00Z
kernel-0:5.14.0-284.11.1.el9_2	cpe:/o:redhat:enterprise_linux:9	RHSA-2023:2458	2023-05-09T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
kernel-0:4.18.0-372.87.1.el8_6	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2024:0412	2024-01-25T00:00:00Z

Link	Providers
https://lore.kernel.org/all/20221004193400.110155-3-peterx@redhat.com/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2022-3522
https://www.cve.org/CVERecord?id=CVE-2022-3522

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2022-3522", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2023-01-24T00:00:00", "dateRejected": "2023-01-24T00:00:00", "dateReserved": "2022-10-16T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-01-24T00:00:00"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}]}}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.0 (string)

cveMetadata : { »

state : REJECTED (string)

cveId : CVE-2022-3522 (string)

assignerOrgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

assignerShortName : VulDB (string)

dateUpdated : 2023-01-24T00:00:00 (string)

dateRejected : 2023-01-24T00:00:00 (string)

dateReserved : 2022-10-16T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

shortName : VulDB (string)

dateUpdated : 2023-01-24T00:00:00 (string)

}

rejectedReasons : [ »

0 : { »

lang : en (string)

value : DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2023:2736", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-477.10.1.rt7.274.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2951", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-477.10.1.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2024:0412", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "kernel-0:4.18.0-372.87.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2023:2458", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-284.11.1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}, {"advisory": "RHSA-2023:2148", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "package": "kernel-rt-0:5.14.0-284.11.1.rt14.296.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}, {"advisory": "RHSA-2023:2458", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-284.11.1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}, {"advisory": "RHSA-2024:0412", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "kernel-0:4.18.0-372.87.1.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2024-01-25T00:00:00Z"}], "bugzilla": {"description": "kernel: race condition in hugetlb_no_page() in mm/hugetlb.c", "id": "2150979", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150979"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-362", "details": ["A vulnerability was found in hugetlb_no_page in the mm/hugetlb.c file in the Linux Kernel, where a manipulation leads to a race condition. This flaw may allow a local attacker to cause a denial of service and can lead to a kernel information leak issue."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-3522", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2022-10-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3522\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3522\nhttps://lore.kernel.org/all/20221004193400.110155-3-peterx@redhat.com/T/#u"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2023:2736 (string)

cpe : cpe:/a:redhat:enterprise_linux:8::nfv (string)

package : kernel-rt-0:4.18.0-477.10.1.rt7.274.el8_8 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2023-05-16T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2023:2951 (string)

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

package : kernel-0:4.18.0-477.10.1.el8_8 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2023-05-16T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2024:0412 (string)

cpe : cpe:/o:redhat:rhel_eus:8.6 (string)

package : kernel-0:4.18.0-372.87.1.el8_6 (string)

product_name : Red Hat Enterprise Linux 8.6 Extended Update Support (string)

release_date : 2024-01-25T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2023:2458 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : kernel-0:5.14.0-284.11.1.el9_2 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2023-05-09T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2023:2148 (string)

cpe : cpe:/a:redhat:enterprise_linux:9::nfv (string)

package : kernel-rt-0:5.14.0-284.11.1.rt14.296.el9_2 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2023-05-09T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2023:2458 (string)

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

package : kernel-0:5.14.0-284.11.1.el9_2 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2023-05-09T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2024:0412 (string)

cpe : cpe:/o:redhat:rhev_hypervisor:4.4::el8 (string)

package : kernel-0:4.18.0-372.87.1.el8_6 (string)

product_name : Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 (string)

release_date : 2024-01-25T00:00:00Z (string)

}

]

bugzilla : { »

description : kernel: race condition in hugetlb_no_page() in mm/hugetlb.c (string)

id : 2150979 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2150979 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 7.0 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

status : verified (string)

}

cwe : CWE-362 (string)

details : [ »

0 : A vulnerability was found in hugetlb_no_page in the mm/hugetlb.c file in the Linux Kernel, where a manipulation leads to a race condition. This flaw may allow a local attacker to cause a denial of service and can lead to a kernel information leak issue. (string)

]

mitigation : { »

lang : en:us (string)

value : Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. (string)

}

name : CVE-2022-3522 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

]

public_date : 2022-10-12T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2022-3522 https://nvd.nist.gov/vuln/detail/CVE-2022-3522 https://lore.kernel.org/all/20221004193400.110155-3-peterx@redhat.com/T/#u (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object