CVE-2022-0854: Infoleak

Reference Links

• https://www.cve.org/CVERecord?id=CVE-2022-0854 https://nvd.nist.gov/vuln/detail/CVE-2022-0854 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8&id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13
• https://bugzilla.redhat.com/show_bug.cgi?id=2058395
• https://access.redhat.com/errata/RHSA-2022:7444
• https://access.redhat.com/errata/RHSA-2022:7683
• https://access.redhat.com/errata/RHSA-2022:8267
• https://access.redhat.com/errata/RHSA-2022:7933
• https://access.redhat.com/security/cve/cve-2022-0854
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8&id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13
• https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
• https://www.debian.org/security/2022/dsa-5161
• https://www.debian.org/security/2022/dsa-5173
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8&id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13
• https://launchpad.net/bugs/cve/CVE-2022-0854
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2066077
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2058395#c9
• https://lore.kernel.org/all/YiIiHD7uA1o7Sj1X@kroah.com/t/
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.17&id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13
• https://access.redhat.com/errata/RHSA-2024:0412
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0854
• https://nvd.nist.gov/vuln/detail/CVE-2022-0854
• https://security-tracker.debian.org/tracker/CVE-2022-0854
• https://ubuntu.com/security/CVE-2022-0854
• https://git.kernel.org/linus/ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e
• https://git.kernel.org/linus/901c7280ca0d5e2b4a8929fbe0bfb007ac2a6544

Parent vulnerabilities

(Appears in the following advisories)

• RHSA-2022:7444
• RHSA-2022:7683
• RHSA-2022:8267
• RHSA-2022:7933

Frequently Asked Questions

• What is CVE-2022-0854?

  CVE-2022-0854 is a memory leak flaw in the Linux kernel's DMA subsystem that allows a local user to read random memory from the kernel space.

• How does CVE-2022-0854 affect Ubuntu?

  Ubuntu is affected by CVE-2022-0854 if the Linux kernel version is between 5.14.0-1033.36 (inclusive) and 5.14.0-1034.36 (exclusive) on the focal release.

• How does CVE-2022-0854 affect Red Hat?

  Red Hat is affected by CVE-2022-0854 if the Linux kernel version is between 5.17 (inclusive) and 5.18 (exclusive).

• How does CVE-2022-0854 affect Red Hat Kernel RT?

  Red Hat Kernel RT is affected by CVE-2022-0854 if the kernel-rt version is 4.18.0-425.3.1.rt7.213.el8 on the el8 release, or if the kernel-rt version is 5.14.0-162.6.1.rt21.168.el9_1 on the el9_1 release.

• How does CVE-2022-0854 affect Debian?

  Debian is affected by CVE-2022-0854 if the Linux kernel version is one of the following: 4.19.249-2, 4.19.289-2, 5.10.178-3, 5.10.191-1, 6.1.38-1, 6.1.52-1, and 6.5.3-1.

• What is the severity rating of CVE-2022-0854?

  CVE-2022-0854 has a severity rating of 5.5 (medium).

• What is the Common Weakness Enumeration (CWE) ID for CVE-2022-0854?

  The Common Weakness Enumeration (CWE) ID for CVE-2022-0854 is CWE-401.

• How can I fix CVE-2022-0854 on Ubuntu?

  To fix CVE-2022-0854 on Ubuntu, update the linux-oem-5.14 package to version 5.14.0-1034.36 or later.

• How can I fix CVE-2022-0854 on Red Hat?

  To fix CVE-2022-0854 on Red Hat, update the Linux kernel to version 5.18 or later.

• How can I fix CVE-2022-0854 on Red Hat Kernel RT?

  To fix CVE-2022-0854 on Red Hat Kernel RT, update the kernel-rt package to version 4.18.0-425.3.1.rt7.213.el8 or 5.14.0-162.6.1.rt21.168.el9_1 or later.

• How can I fix CVE-2022-0854 on Debian?

  To fix CVE-2022-0854 on Debian, update the linux package to version 4.19.249-2, 4.19.289-2, 5.10.178-3, 5.10.191-1, 6.1.38-1, 6.1.52-1, 6.5.3-1 or later.