{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48686", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-03T14:55:07.143Z", "datePublished": "2024-05-03T14:59:10.472Z", "dateUpdated": "2024-08-03T15:17:55.855Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:11:20.580Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix UAF when detecting digest errors\n\nWe should also bail from the io_work loop when we set rd_enabled to true,\nso we don't attempt to read data from the socket when the TCP stream is\nalready out-of-sync or corrupted."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/host/tcp.c"], "versions": [{"version": "3f2304f8c6d6", "lessThan": "19816a021468", "status": "affected", "versionType": "git"}, {"version": "3f2304f8c6d6", "lessThan": "5914fa32ef1b", "status": "affected", "versionType": "git"}, {"version": "3f2304f8c6d6", "lessThan": "13c80a6c1124", "status": "affected", "versionType": "git"}, {"version": "3f2304f8c6d6", "lessThan": "c3eb461aa56e", "status": "affected", "versionType": "git"}, {"version": "3f2304f8c6d6", "lessThan": "160f3549a907", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/host/tcp.c"], "versions": [{"version": "5.0", "status": "affected"}, {"version": "0", "lessThan": "5.0", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.213", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.143", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.68", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.19.9", "lessThanOrEqual": "5.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/19816a0214684f70b49b25075ff8c402fdd611d3"}, {"url": "https://git.kernel.org/stable/c/5914fa32ef1b7766fea933f9eed94ac5c00aa7ff"}, {"url": "https://git.kernel.org/stable/c/13c80a6c112467bab5e44d090767930555fc17a5"}, {"url": "https://git.kernel.org/stable/c/c3eb461aa56e6fa94fb80442ba2586bd223a8886"}, {"url": "https://git.kernel.org/stable/c/160f3549a907a50e51a8518678ba2dcf2541abea"}], "title": "nvme-tcp: fix UAF when detecting digest errors", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:39:58.605083Z", "id": "CVE-2022-48686", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:44:52.450Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.855Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/19816a0214684f70b49b25075ff8c402fdd611d3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5914fa32ef1b7766fea933f9eed94ac5c00aa7ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/13c80a6c112467bab5e44d090767930555fc17a5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c3eb461aa56e6fa94fb80442ba2586bd223a8886", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/160f3549a907a50e51a8518678ba2dcf2541abea", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48686", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:39:58.605083Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:39:59.706Z"}}], "cna": {"title": "nvme-tcp: fix UAF when detecting digest errors", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3f2304f8c6d6", "lessThan": "19816a021468", "versionType": "git"}, {"status": "affected", "version": "3f2304f8c6d6", "lessThan": "5914fa32ef1b", "versionType": "git"}, {"status": "affected", "version": "3f2304f8c6d6", "lessThan": "13c80a6c1124", "versionType": "git"}, {"status": "affected", "version": "3f2304f8c6d6", "lessThan": "c3eb461aa56e", "versionType": "git"}, {"status": "affected", "version": "3f2304f8c6d6", "lessThan": "160f3549a907", "versionType": "git"}], "programFiles": ["drivers/nvme/host/tcp.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.0"}, {"status": "unaffected", "version": "0", "lessThan": "5.0", "versionType": "custom"}, {"status": "unaffected", "version": "5.4.213", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.143", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.68", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.19.9", "versionType": "custom", "lessThanOrEqual": "5.19.*"}, {"status": "unaffected", "version": "6.0", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/nvme/host/tcp.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/19816a0214684f70b49b25075ff8c402fdd611d3"}, {"url": "https://git.kernel.org/stable/c/5914fa32ef1b7766fea933f9eed94ac5c00aa7ff"}, {"url": "https://git.kernel.org/stable/c/13c80a6c112467bab5e44d090767930555fc17a5"}, {"url": "https://git.kernel.org/stable/c/c3eb461aa56e6fa94fb80442ba2586bd223a8886"}, {"url": "https://git.kernel.org/stable/c/160f3549a907a50e51a8518678ba2dcf2541abea"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix UAF when detecting digest errors\n\nWe should also bail from the io_work loop when we set rd_enabled to true,\nso we don't attempt to read data from the socket when the TCP stream is\nalready out-of-sync or corrupted."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:11:20.580Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48686", "state": "PUBLISHED", "dateUpdated": "2024-06-17T17:44:52.450Z", "dateReserved": "2024-05-03T14:55:07.143Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-03T14:59:10.472Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2546C7B1-C9BA-4CC7-AC0A-71A655EACF9F", "versionEndExcluding": "5.4.213", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E77EECF5-C31E-4342-8014-AA844BB83A76", "versionEndExcluding": "5.10.143", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C440CED2-FE3C-495D-839C-857FFC6F523A", "versionEndExcluding": "5.15.68", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4895A99-6E1B-4C76-A510-FDED00AD7D29", "versionEndExcluding": "5.19.9", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix UAF when detecting digest errors\n\nWe should also bail from the io_work loop when we set rd_enabled to true,\nso we don't attempt to read data from the socket when the TCP stream is\nalready out-of-sync or corrupted."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvme-tcp: corrige UAF al detectar errores de resumen. Tambi\u00e9n debemos salir del bucle io_work cuando configuramos rd_enabled en verdadero, para no intentar leer datos del socket cuando el flujo TCP ya no est\u00e1 sincronizado o est\u00e1 da\u00f1ado."}], "id": "CVE-2022-48686", "lastModified": "2024-05-23T20:33:45.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-03T15:15:07.673", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/13c80a6c112467bab5e44d090767930555fc17a5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/160f3549a907a50e51a8518678ba2dcf2541abea"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/19816a0214684f70b49b25075ff8c402fdd611d3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5914fa32ef1b7766fea933f9eed94ac5c00aa7ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c3eb461aa56e6fa94fb80442ba2586bd223a8886"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: nvme-tcp: fix UAF when detecting digest errors", "id": "2278931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278931"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnvme-tcp: fix UAF when detecting digest errors\nWe should also bail from the io_work loop when we set rd_enabled to true,\nso we don't attempt to read data from the socket when the TCP stream is\nalready out-of-sync or corrupted.", "A use-after-free vulnerability was found in the Linux kernel in drivers/nvme/host/tcp.c in nvme_tcp_io_work. This issue can occur when a local user continues to read data after the connection finishes. This flaw allows a malicious user to cause a use-after-free problem."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48686", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48686\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48686\nhttps://lore.kernel.org/linux-cve-announce/2024050342-CVE-2022-48686-5e8e@gregkh/T"], "statement": "This vulnerability is only for systems where NVME over TCP being used.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.4.213, kernel 5.10.143, kernel 5.15.68, kernel 5.19.9, kernel 6.0"}