First published: Wed May 25 2022
An issue was discovered in the Linux kernel from 4.18 to 4.19: an improper update of the sock reference in TCP pacing can lead to a memory/netns leak, which can be used by remote clients.
Credit: security@openanolis.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | >=4.18, <=4.19 | |
Netapp Active Iq Unified Manager Vmware Vsphere | | |
Netapp Cloud Volumes Ontap Mediator | | |
NetApp E-Series SANtricity OS Controller | >=11.0, <=11.70.2 | |
Netapp Element Software | | |
Netapp Hci Management Node | | |
Netapp Solidfire | | |
Netapp Storagegrid | | |
Netapp Bootstrap Os | | |
Netapp Hci Compute Node | | |
Netapp H300s Firmware | | |
Netapp H300s | | |
Netapp H500s Firmware | | |
Netapp H500s | | |
Netapp H700s Firmware | | |
Netapp H700s | | |
Netapp H300e Firmware | | |
Netapp H300e | | |
Netapp H500e Firmware | | |
Netapp H500e | | |
Netapp H700e Firmware | | |
Netapp H700e | | |
Netapp H410s Firmware | | |
Netapp H410s | | |
Netapp H410c Firmware | | |
Netapp H410c | | |
The severity of CVE-2022-1678 is high with a CVSS score of 7.5.
The affected software includes Linux Kernel versions 4.18 to 4.19, Apple iPadOS, Netapp Cloud Volumes Ontap Mediator, NetApp E-Series SANtricity OS Controller, Netapp Element Software, Netapp Hci Management Node, Netapp Solidfire, Netapp Storagegrid, and Netapp Bootstrap Os.
CVE-2022-1678 can be exploited by remote clients using an improper update of sock reference in TCP pacing, leading to a memory/netns leak.
The CWE ID of CVE-2022-1678 is 911.
More information about CVE-2022-1678 can be found at the following references: [Reference 1](https://anas.openanolis.cn/cves/detail/CVE-2022-1678), [Reference 2](https://anas.openanolis.cn/errata/detail/ANSA-2022:0143), [Reference 3](https://bugzilla.openanolis.cn/show_bug.cgi?id=61)