CVE-2022-39189: Use After Free
First published: Mon May 30 2022(Updated: )
A flaw was found in the x86 KVM subsystem in kvm_steal_time_set_preempted in arch/x86/kvm/x86.c in the Linux kernel. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-477.10.1.rt7.274.el8_8 | 0:4.18.0-477.10.1.rt7.274.el8_8 |
| redhat/kernel | <0:4.18.0-477.10.1.el8_8 | 0:4.18.0-477.10.1.el8_8 |
| redhat/kernel | <0:5.14.0-284.11.1.el9_2 | 0:5.14.0-284.11.1.el9_2 |
| redhat/kernel-rt | <0:5.14.0-284.11.1.rt14.296.el9_2 | 0:5.14.0-284.11.1.rt14.296.el9_2 |
| redhat/kernel | <5.19 | 5.19 |
| Google Android | ||
| Linux Kernel | >=4.16<5.4.244 | |
| Linux Kernel | >=5.5.0<5.10.180 | |
| Linux Kernel | >=5.11<5.15.60 | |
| Linux Kernel | >=5.16<5.18.17 | |
| netapp hci baseboard management controller | =h300s | |
| netapp hci baseboard management controller | =h410c | |
| netapp hci baseboard management controller | =h410s | |
| netapp hci baseboard management controller | =h500s | |
| netapp hci baseboard management controller | =h700s | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.11-1 6.12.12-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-39189 https://nvd.nist.gov/vuln/detail/CVE-2022-39189 https://bugs.chromium.org/p/project-zero/issues/detail?id=2309 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd88243c7e03845a450795e134b488fc2afb736
- https://bugzilla.redhat.com/show_bug.cgi?id=2124788
- https://access.redhat.com/errata/RHSA-2023:2736
- https://access.redhat.com/errata/RHSA-2023:2951
- https://access.redhat.com/errata/RHSA-2023:2458
- https://access.redhat.com/errata/RHSA-2023:2148
- https://access.redhat.com/security/cve/cve-2022-39189
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2309
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.17
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6cd88243c7e03845a450795e134b488fc2afb736
- https://github.com/torvalds/linux/commit/6cd88243c7e03845a450795e134b488fc2afb736
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
- https://security.netapp.com/advisory/ntap-20230214-0007/
- https://www.debian.org/security/2023/dsa-5480
- https://launchpad.net/bugs/cve/CVE-2022-39189
- https://access.redhat.com/errata/RHSA-2024:0724
- https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b
- https://source.android.com/docs/security/bulletin/2023-02-01 (Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39189
- https://nvd.nist.gov/vuln/detail/CVE-2022-39189
- https://security-tracker.debian.org/tracker/CVE-2022-39189
- https://ubuntu.com/security/CVE-2022-39189
- https://git.kernel.org/linus/6cd88243c7e03845a450795e134b488fc2afb736
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2022-39189?
CVE-2022-39189 has a high severity rating due to its potential to allow unprivileged guest users to compromise the guest kernel.
How do I fix CVE-2022-39189?
To fix CVE-2022-39189, update to the recommended kernel versions specified in the remediation section.
What systems are affected by CVE-2022-39189?
CVE-2022-39189 impacts various versions of the Linux kernel and specific NetApp HCI baseboard management controllers.
Can CVE-2022-39189 be exploited remotely?
CVE-2022-39189 does not appear to be a remotely exploitable vulnerability, as it involves unprivileged access within guest environments.
Is there a workaround for CVE-2022-39189?
Currently, there are no known workarounds for CVE-2022-39189 other than applying the appropriate updates.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/author
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-39189
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/android-source
- source/Android
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/description
- agent/event
- agent/trending
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/google
- canonical/google android
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.16
- version/linux kernel/5.5.0
- version/linux kernel/5.11
- version/linux kernel/5.16
- vendor/netapp
- canonical/netapp hci baseboard management controller
- version/netapp hci baseboard management controller/h300s
- version/netapp hci baseboard management controller/h410c
- version/netapp hci baseboard management controller/h410s
- version/netapp hci baseboard management controller/h500s
- version/netapp hci baseboard management controller/h700s
- package-manager/debian