{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48905", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-21T06:06:23.292Z", "datePublished": "2024-08-22T01:30:31.825Z", "dateUpdated": "2024-11-04T12:18:52.945Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:18:52.945Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: free reset-work-item when flushing\n\nFix a tiny memory leak when flushing the reset work queue."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/ibm/ibmvnic.c"], "versions": [{"version": "2770a7984db5", "lessThan": "786576c03b31", "status": "affected", "versionType": "git"}, {"version": "2770a7984db5", "lessThan": "58b07100c20e", "status": "affected", "versionType": "git"}, {"version": "2770a7984db5", "lessThan": "6acbc8875282", "status": "affected", "versionType": "git"}, {"version": "2770a7984db5", "lessThan": "39738a2346b2", "status": "affected", "versionType": "git"}, {"version": "2770a7984db5", "lessThan": "4c26745e4576", "status": "affected", "versionType": "git"}, {"version": "2770a7984db5", "lessThan": "8d0657f39f48", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/ibm/ibmvnic.c"], "versions": [{"version": "4.18", "status": "affected"}, {"version": "0", "lessThan": "4.18", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.233", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.183", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.104", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.27", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.13", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/786576c03b313a9ff6585458aa0dfd039d897f51"}, {"url": "https://git.kernel.org/stable/c/58b07100c20e95c78b8cb4d6d28ca53eb9ef81f2"}, {"url": "https://git.kernel.org/stable/c/6acbc8875282d3ca8a73fa93cd7a9b166de5019c"}, {"url": "https://git.kernel.org/stable/c/39738a2346b270e8f72f88d8856de2c167bd2899"}, {"url": "https://git.kernel.org/stable/c/4c26745e4576cec224092e6cc12e37829333b183"}, {"url": "https://git.kernel.org/stable/c/8d0657f39f487d904fca713e0bc39c2707382553"}], "title": "ibmvnic: free reset-work-item when flushing", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48905", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:34:20.364742Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:12.189Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48905", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:34:20.364742Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:16.020Z"}}], "cna": {"title": "ibmvnic: free reset-work-item when flushing", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2770a7984db5", "lessThan": "786576c03b31", "versionType": "git"}, {"status": "affected", "version": "2770a7984db5", "lessThan": "58b07100c20e", "versionType": "git"}, {"status": "affected", "version": "2770a7984db5", "lessThan": "6acbc8875282", "versionType": "git"}, {"status": "affected", "version": "2770a7984db5", "lessThan": "39738a2346b2", "versionType": "git"}, {"status": "affected", "version": "2770a7984db5", "lessThan": "4c26745e4576", "versionType": "git"}, {"status": "affected", "version": "2770a7984db5", "lessThan": "8d0657f39f48", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/ibm/ibmvnic.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.18"}, {"status": "unaffected", "version": "0", "lessThan": "4.18", "versionType": "custom"}, {"status": "unaffected", "version": "4.19.233", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.183", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.104", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.27", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16.13", "versionType": "custom", "lessThanOrEqual": "5.16.*"}, {"status": "unaffected", "version": "5.17", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/ibm/ibmvnic.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/786576c03b313a9ff6585458aa0dfd039d897f51"}, {"url": "https://git.kernel.org/stable/c/58b07100c20e95c78b8cb4d6d28ca53eb9ef81f2"}, {"url": "https://git.kernel.org/stable/c/6acbc8875282d3ca8a73fa93cd7a9b166de5019c"}, {"url": "https://git.kernel.org/stable/c/39738a2346b270e8f72f88d8856de2c167bd2899"}, {"url": "https://git.kernel.org/stable/c/4c26745e4576cec224092e6cc12e37829333b183"}, {"url": "https://git.kernel.org/stable/c/8d0657f39f487d904fca713e0bc39c2707382553"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: free reset-work-item when flushing\n\nFix a tiny memory leak when flushing the reset work queue."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-08-22T03:30:32.074Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48905", "state": "PUBLISHED", "dateUpdated": "2024-09-12T17:33:12.189Z", "dateReserved": "2024-08-21T06:06:23.292Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-22T01:30:31.825Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94F03986-C560-4F93-9BAB-D48C438A6B89", "versionEndExcluding": "4.19.233", "versionStartIncluding": "4.18", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "76A7616E-E6B9-4A7F-AA7C-1D47F774215F", "versionEndExcluding": "5.4.183", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "764998FC-D1F7-4BAA-BD56-A553C7AB8F08", "versionEndExcluding": "5.10.104", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3A8E092-3021-4A34-8DCE-B89D2238818B", "versionEndExcluding": "5.15.27", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B871B667-EDC0-435D-909E-E918D8D90995", "versionEndExcluding": "5.16.13", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*", "matchCriteriaId": "EFA3917C-C322-4D92-912D-ECE45B2E7416", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*", "matchCriteriaId": "BED18363-5ABC-4639-8BBA-68E771E5BB3F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: free reset-work-item when flushing\n\nFix a tiny memory leak when flushing the reset work queue."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ibmvnic: elemento de trabajo de reinicio gratuito al vaciar Se corrige una peque\u00f1a p\u00e9rdida de memoria al vaciar la cola de trabajo de reinicio."}], "id": "CVE-2022-48905", "lastModified": "2024-09-12T13:44:45.753", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-22T02:15:05.050", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/39738a2346b270e8f72f88d8856de2c167bd2899"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4c26745e4576cec224092e6cc12e37829333b183"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/58b07100c20e95c78b8cb4d6d28ca53eb9ef81f2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6acbc8875282d3ca8a73fa93cd7a9b166de5019c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/786576c03b313a9ff6585458aa0dfd039d897f51"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8d0657f39f487d904fca713e0bc39c2707382553"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:8267", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:7933", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "package": "kernel-rt-0:5.14.0-162.6.1.rt21.168.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}], "bugzilla": {"description": "kernel: ibmvnic: free reset-work-item when flushing", "id": "2307158", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2307158"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nibmvnic: free reset-work-item when flushing\nFix a tiny memory leak when flushing the reset work queue.", "A memory leak flaw was found in the Linux kernel\u2019s IBM Virtual Network Interface Controller (ibmvnic ) driver. This issue involved not properly freeing memory associated with a reset work item when the reset work queue is flushed, causing the reset-work-item not to be deallocated. This flaw allows an attacker with control over the virtual NIC to repeatedly trigger interface resets to cause small amounts of memory to leak. Over time, this can lead to memory exhaustion, especially in systems already resource-constrained or under heavy load, resulting in a possible denial of service (DoS) condition."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48905", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2024-08-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48905\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48905\nhttps://lore.kernel.org/linux-cve-announce/2024082212-CVE-2022-48905-4c70@gregkh/T"], "threat_severity": "Low"}