CVE-2022-39189: Use After Free
First published: Mon May 30 2022(Updated: )
A flaw was found in the x86 KVM subsystem in kvm_steal_time_set_preempted in arch/x86/kvm/x86.c in the Linux kernel. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-477.10.1.rt7.274.el8_8 | 0:4.18.0-477.10.1.rt7.274.el8_8 |
| redhat/kernel | <0:4.18.0-477.10.1.el8_8 | 0:4.18.0-477.10.1.el8_8 |
| redhat/kernel | <0:5.14.0-284.11.1.el9_2 | 0:5.14.0-284.11.1.el9_2 |
| redhat/kernel-rt | <0:5.14.0-284.11.1.rt14.296.el9_2 | 0:5.14.0-284.11.1.rt14.296.el9_2 |
| Linux Linux kernel | >=4.16<5.4.244 | |
| Linux Linux kernel | >=5.5.0<5.10.180 | |
| Linux Linux kernel | >=5.11<5.15.60 | |
| Linux Linux kernel | >=5.16<5.18.17 | |
| Netapp Hci Baseboard Management Controller | =h300s | |
| Netapp Hci Baseboard Management Controller | =h410c | |
| Netapp Hci Baseboard Management Controller | =h410s | |
| Netapp Hci Baseboard Management Controller | =h500s | |
| Netapp Hci Baseboard Management Controller | =h700s | |
| redhat/kernel | <5.19 | 5.19 |
| Google Android | ||
| ubuntu/linux | <5.15.0-50.56 | 5.15.0-50.56 |
| ubuntu/linux | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-allwinner | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-allwinner-5.19 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-aws | <5.15.0-1021.25 | 5.15.0-1021.25 |
| ubuntu/linux-aws | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-aws-5.0 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-aws-5.15 | <5.15.0-1021.25~20.04.1 | 5.15.0-1021.25~20.04.1 |
| ubuntu/linux-aws-5.15 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-aws-5.19 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-aws-5.4 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-aws-6.2 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-aws-6.5 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-aws-fips | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-aws-hwe | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-azure | <5.15.0-1021.26 | 5.15.0-1021.26 |
| ubuntu/linux-azure | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-azure-4.15 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-azure-5.15 | <5.15.0-1021.26~20.04.1 | 5.15.0-1021.26~20.04.1 |
| ubuntu/linux-azure-5.15 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-azure-5.4 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-azure-6.5 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-azure-edge | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-azure-fde | <5.15.0-1024.30.1 | 5.15.0-1024.30.1 |
| ubuntu/linux-azure-fde | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-azure-fde-5.15 | <5.15.0-1021.26~20.04.1.1 | 5.15.0-1021.26~20.04.1.1 |
| ubuntu/linux-azure-fde-5.15 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-azure-fde-5.19 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-azure-fips | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-bluefield | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-dell300x | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-fips | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-gcp | <5.15.0-1019.25 | 5.15.0-1019.25 |
| ubuntu/linux-gcp | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-gcp-4.15 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-gcp-5.15 | <5.15.0-1021.28~20.04.1 | 5.15.0-1021.28~20.04.1 |
| ubuntu/linux-gcp-5.15 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-gcp-5.19 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-gcp-5.4 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-gcp-6.5 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-gcp-fips | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-gke | <5.15.0-1017.20 | 5.15.0-1017.20 |
| ubuntu/linux-gke | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-gke-4.15 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-gke-5.0 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-gke-5.15 | <5.15.0-1019.23~20.04.1 | 5.15.0-1019.23~20.04.1 |
| ubuntu/linux-gke-5.15 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-gke-5.4 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-gkeop | <5.15.0-1004.6 | 5.15.0-1004.6 |
| ubuntu/linux-gkeop | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-gkeop-5.15 | <5.15.0-1005.7~20.04.1 | 5.15.0-1005.7~20.04.1 |
| ubuntu/linux-gkeop-5.15 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-gkeop-5.4 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-hwe | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-hwe-5.15 | <5.15.0-50.56~20.04.1 | 5.15.0-50.56~20.04.1 |
| ubuntu/linux-hwe-5.15 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-hwe-5.4 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-hwe-6.2 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-hwe-6.5 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-hwe-edge | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-ibm | <5.15.0-1015.17 | 5.15.0-1015.17 |
| ubuntu/linux-ibm | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-ibm-5.15 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-ibm-5.4 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-intel | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-intel-5.13 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-intel-iotg | <5.15.0-1017.22 | 5.15.0-1017.22 |
| ubuntu/linux-intel-iotg | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-intel-iotg-5.15 | <5.15.0-1017.22~20.04.1 | 5.15.0-1017.22~20.04.1 |
| ubuntu/linux-intel-iotg-5.15 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-iot | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-kvm | <5.15.0-1019.23 | 5.15.0-1019.23 |
| ubuntu/linux-kvm | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-laptop | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-lowlatency | <5.15.0-50.56 | 5.15.0-50.56 |
| ubuntu/linux-lowlatency | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-lowlatency-hwe-5.15 | <5.15.0-50.56~20.04.1 | 5.15.0-50.56~20.04.1 |
| ubuntu/linux-lowlatency-hwe-5.15 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-lowlatency-hwe-5.19 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-lowlatency-hwe-6.2 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-lowlatency-hwe-6.5 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-lts-xenial | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-nvidia | <5.15.0-1015.15 | 5.15.0-1015.15 |
| ubuntu/linux-nvidia | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-nvidia-6.5 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-oem | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-oem-5.10 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-oem-5.14 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-oem-5.17 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-oem-5.6 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-oem-6.0 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-oem-6.1 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-oem-6.5 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-oem-6.8 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-oem-osp1 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-oracle | <5.15.0-1019.24 | 5.15.0-1019.24 |
| ubuntu/linux-oracle | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-oracle-5.0 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-oracle-5.13 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-oracle-5.15 | <5.15.0-1019.24~20.04.1 | 5.15.0-1019.24~20.04.1 |
| ubuntu/linux-oracle-5.15 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-oracle-5.4 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-oracle-6.5 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-raspi | <5.15.0-1016.18 | 5.15.0-1016.18 |
| ubuntu/linux-raspi | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-raspi-5.4 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-raspi2 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-riscv | <5.15.0-1020.23 | 5.15.0-1020.23 |
| ubuntu/linux-riscv | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-riscv-5.15 | <5.15.0-1022.26~20.04.1 | 5.15.0-1022.26~20.04.1 |
| ubuntu/linux-riscv-5.15 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-riscv-6.5 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-snapdragon | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-starfive | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-starfive-5.19 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-starfive-6.5 | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| ubuntu/linux-xilinx-zynqmp | <5.19~<5.15.60 | 5.19~ 5.15.60 |
| debian/linux | 5.10.218-1 5.10.221-1 6.1.94-1 6.1.99-1 6.9.10-1 6.9.12-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-39189 https://nvd.nist.gov/vuln/detail/CVE-2022-39189 https://bugs.chromium.org/p/project-zero/issues/detail?id=2309 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd88243c7e03845a450795e134b488fc2afb736
- https://bugzilla.redhat.com/show_bug.cgi?id=2124788
- https://access.redhat.com/errata/RHSA-2023:2736
- https://access.redhat.com/errata/RHSA-2023:2951
- https://access.redhat.com/errata/RHSA-2023:2458
- https://access.redhat.com/errata/RHSA-2023:2148
- https://access.redhat.com/security/cve/cve-2022-39189
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2309
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.17
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6cd88243c7e03845a450795e134b488fc2afb736
- https://github.com/torvalds/linux/commit/6cd88243c7e03845a450795e134b488fc2afb736
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
- https://security.netapp.com/advisory/ntap-20230214-0007/
- https://www.debian.org/security/2023/dsa-5480
- https://launchpad.net/bugs/cve/CVE-2022-39189
- https://access.redhat.com/errata/RHSA-2024:0724
- https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b
- https://source.android.com/docs/security/bulletin/2023-02-01 (Advisory)
- https://git.kernel.org/linus/6cd88243c7e03845a450795e134b488fc2afb736 (5.19-rc2)
- https://ubuntu.com/security/notices/USN-5667-1
- https://ubuntu.com/security/notices/USN-5683-1
- https://ubuntu.com/security/notices/USN-5703-1
- https://www.cve.org/CVERecord?id=CVE-2022-39189
- https://nvd.nist.gov/vuln/detail/CVE-2022-39189
- https://security-tracker.debian.org/tracker/CVE-2022-39189
- https://git.kernel.org/linus/f38a7b75267f1fb240a8178cbcb16d66dd37aac8
- https://git.kernel.org/linus/6cd88243c7e03845a450795e134b488fc2afb736
- https://git.kernel.org/linus/54aa83c90198e68eee8b0850c749bc70efb548da
- https://ubuntu.com/security/CVE-2022-39189
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/nvd-api
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/remedy
- agent/author
- agent/severity
- agent/description
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-39189
- agent/references
- collector/android-source
- source/Android
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/4.16
- version/linux linux kernel/5.5.0
- version/linux linux kernel/5.11
- version/linux linux kernel/5.16
- vendor/netapp
- canonical/netapp hci baseboard management controller
- version/netapp hci baseboard management controller/h300s
- version/netapp hci baseboard management controller/h410c
- version/netapp hci baseboard management controller/h410s
- version/netapp hci baseboard management controller/h500s
- version/netapp hci baseboard management controller/h700s
- vendor/google
- canonical/google android
- package-manager/ubuntu
- package-manager/debian