CVE-2022-0850: Infoleak
First published: Thu May 06 2021(Updated: )
A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <4.4.276 | |
| Linux Linux kernel | >=4.5<4.9.276 | |
| Linux Linux kernel | >=4.10<4.14.240 | |
| Linux Linux kernel | >=4.15<4.19.198 | |
| Linux Linux kernel | >=4.20<5.4.132 | |
| Linux Linux kernel | >=5.5.0<5.10.50 | |
| Linux Linux kernel | >=5.11<5.12.17 | |
| Linux Linux kernel | >=5.13<5.13.2 | |
| redhat/kernel-rt | <0:4.18.0-372.9.1.rt7.166.el8 | 0:4.18.0-372.9.1.rt7.166.el8 |
| redhat/kernel | <0:4.18.0-372.9.1.el8 | 0:4.18.0-372.9.1.el8 |
| redhat/kernel | <5.14 | 5.14 |
| Google Android | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.6-1 6.12.8-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2022-0850
- https://bugzilla.redhat.com/show_bug.cgi?id=2060606
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce3aba43599f0b50adbebff133df8d08a3d5fffe
- https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8
- https://www.cve.org/CVERecord?id=CVE-2022-0850 https://nvd.nist.gov/vuln/detail/CVE-2022-0850 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce3aba43599f0b50adbebff133df8d08a3d5fffe https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8
- https://access.redhat.com/errata/RHSA-2022:1975
- https://access.redhat.com/errata/RHSA-2022:1988
- https://access.redhat.com/security/cve/cve-2022-0850
- https://launchpad.net/bugs/cve/CVE-2022-0850
- https://syzkaller.appspot.com/bug?id=602bc454598b9bc1186ea9f927f6225ef64a397b
- https://android.googlesource.com/kernel/common/+/ce3aba43599f0
- https://source.android.com/docs/security/bulletin/2023-02-01 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2022-0850
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0850
- https://nvd.nist.gov/vuln/detail/CVE-2022-0850
- https://ubuntu.com/security/CVE-2022-0850
- collector/nvd-api
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/author
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-0850
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/android-source
- source/Android
- agent/remedy
- agent/references
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/4.5
- version/linux linux kernel/4.10
- version/linux linux kernel/4.15
- version/linux linux kernel/4.20
- version/linux linux kernel/5.5.0
- version/linux linux kernel/5.11
- version/linux linux kernel/5.13
- package-manager/redhat
- vendor/google
- canonical/google android
- package-manager/debian