What is CVE-2022-0998?

CVE-2022-0998 is an integer overflow flaw in the Linux kernel's virtio device driver code that allows a local user to crash or potentially escalate their privileges.

How does CVE-2022-0998 affect Linux?

CVE-2022-0998 affects Linux kernel versions from 5.7 to 5.10.88 and versions from 5.11 to 5.15.11.

How severe is CVE-2022-0998?

CVE-2022-0998 has a severity rating of 7.8 (high).

How can I fix CVE-2022-0998?

To fix CVE-2022-0998, you should update your Linux kernel to a version that is not vulnerable.

Where can I find more information about CVE-2022-0998?

You can find more information about CVE-2022-0998 in the references provided: http://www.openwall.com/lists/oss-security/2022/04/02/1, https://lore.kernel.org/netdev/20220123001216.2460383-13-sashal@kernel.org/, https://security.netapp.com/advisory/ntap-20220513-0003/

Vulnerability/
CVE-2022-0998

high

7.8

CWE

190

30/3/2022

2/8/2024

CVE-2022-0998: Integer Overflow

First published: Wed Mar 30 2022(Updated: )

An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Linux kernel	>=5.7<5.10.88
Linux kernel	>=5.11<5.15.11
NetApp H300S Firmware
NetApp H300S
NetApp H500S Firmware
NetApp H500s
NetApp H700S
NetApp H700S
NetApp H300E Firmware
NetApp H300E Firmware
NetApp H500E
NetApp H500E
NetApp H700E
NetApp H700E
NetApp H410S Firmware
NetApp H410S Firmware
NetApp H410C Firmware
NetApp H410C

Remedy

http://www.openwall.com/lists/oss-security/2022/04/02/1

Remedy

https://lore.kernel.org/netdev/20220123001216.2460383-13-sashal@kernel.org/

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-0998?
CVE-2022-0998 is an integer overflow flaw in the Linux kernel's virtio device driver code that allows a local user to crash or potentially escalate their privileges.
How does CVE-2022-0998 affect Linux?
CVE-2022-0998 affects Linux kernel versions from 5.7 to 5.10.88 and versions from 5.11 to 5.15.11.
How severe is CVE-2022-0998?
CVE-2022-0998 has a severity rating of 7.8 (high).
How can I fix CVE-2022-0998?
To fix CVE-2022-0998, you should update your Linux kernel to a version that is not vulnerable.
Where can I find more information about CVE-2022-0998?
You can find more information about CVE-2022-0998 in the references provided: http://www.openwall.com/lists/oss-security/2022/04/02/1, https://lore.kernel.org/netdev/20220123001216.2460383-13-sashal@kernel.org/, https://security.netapp.com/advisory/ntap-20220513-0003/

agent/type
agent/remedy
agent/weakness
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/first-publish-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/linux
canonical/linux kernel
version/linux kernel/5.7
version/linux kernel/5.11
vendor/netapp
canonical/netapp h300s firmware
canonical/netapp h300s
canonical/netapp h500s firmware
canonical/netapp h500s
canonical/netapp h700s
canonical/netapp h300e firmware
canonical/netapp h500e
canonical/netapp h700e
canonical/netapp h410s firmware
canonical/netapp h410c firmware
canonical/netapp h410c

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.