CVE-2022-0516

Published on: Not Yet Published

Last Modified on: 10/04/2022 09:16:00 PM UTC

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Debian Linux from Debian contain the following vulnerability:

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.

  • CVE-2022-0516 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 4.6 - MEDIUM

Access
Vector
Access
Complexity
Authentication
LOCAL LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL PARTIAL

CVE References

Description Tags Link
kernel/git/torvalds/linux.git - Linux kernel source tree git.kernel.org
text/html
URL Logo MISC git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=09a93c1df3eafa43bcdfd7bf837c574911f12f55
2050237 – (CVE-2022-0516) CVE-2022-0516 kernel: missing check in ioctl allows kernel memory read/write bugzilla.redhat.com
text/html
URL Logo MISC bugzilla.redhat.com/show_bug.cgi?id=2050237
Debian -- Security Information -- DSA-5092-1 linux www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-5092
CVE-2022-0516 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security security.netapp.com
text/html
URL Logo CONFIRM security.netapp.com/advisory/ntap-20220331-0009/

Related QID Numbers

  • 159700 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-0825)
  • 179104 Debian Security Update for linux (DSA 5092-1)
  • 198708 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5337-1)
  • 198709 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5338-1)
  • 198728 Ubuntu Security Notification for Linux kernel (Intel IOTG) Vulnerabilities (USN-5362-1)
  • 198731 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5368-1)
  • 240122 Red Hat Update for kernel security (RHSA-2022:0777)
  • 240128 Red Hat Update for kernel security (RHSA-2022:0825)
  • 282398 Fedora Security Update for kernel (FEDORA-2022-6f887c7be7)
  • 282399 Fedora Security Update for kernel (FEDORA-2022-df17aabb12)
  • 376925 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0125)
  • 751836 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0759-1)
  • 751852 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0755-1)
  • 751853 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0760-1)
  • 751999 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0760-1)
  • 753086 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0755-1)
  • 753110 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) (SUSE-SU-2022:0619-1)
  • 753188 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 7 for SLE 15 SP3) (SUSE-SU-2022:0660-1)
  • 753338 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) (SUSE-SU-2022:0615-1)
  • 753348 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1038-1)
  • 753373 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1257-1)
  • 900751 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8990)
  • 901900 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8997-1)
  • 906188 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8990-1)
  • 906289 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8997-2)
  • 940463 AlmaLinux Security Update for kernel (ALSA-2022:0825)
  • 960805 Rocky Linux Security Update for kernel (RLSA-2022:0825)

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
DebianDebian Linux11.0AllAllAll
Operating
System
FedoraprojectFedora34AllAllAll
Operating
System
FedoraprojectFedora35AllAllAll
Operating
System
LinuxLinux KernelAllAllAllAll
Operating
System
LinuxLinux Kernel5.17rc1AllAll
Operating
System
LinuxLinux Kernel5.17rc2AllAll
Operating
System
LinuxLinux Kernel5.17rc3AllAll
Hardware Device InfoNetappH300e-AllAllAll
Operating
System
NetappH300e Firmware-AllAllAll
Hardware Device InfoNetappH300s-AllAllAll
Operating
System
NetappH300s Firmware-AllAllAll
Hardware Device InfoNetappH410c-AllAllAll
Operating
System
NetappH410c Firmware-AllAllAll
Hardware Device InfoNetappH410s-AllAllAll
Operating
System
NetappH410s Firmware-AllAllAll
Hardware Device InfoNetappH500e-AllAllAll
Operating
System
NetappH500e Firmware-AllAllAll
Hardware Device InfoNetappH500s-AllAllAll
Operating
System
NetappH500s Firmware-AllAllAll
Hardware Device InfoNetappH700e-AllAllAll
Operating
System
NetappH700e Firmware-AllAllAll
Hardware Device InfoNetappH700s-AllAllAll
Operating
System
NetappH700s Firmware-AllAllAll
ApplicationRedhatCodeready Linux Builder-AllAllAll
Operating
System
RedhatEnterprise Linux8.0AllAllAll
Operating
System
RedhatEnterprise Linux8.0AllAllAll
Operating
System
RedhatEnterprise Linux Eus8.4AllAllAll
Operating
System
RedhatEnterprise Linux Eus8.4AllAllAll
Operating
System
RedhatEnterprise Linux For Ibm Z Systems8.0AllAllAll
Operating
System
RedhatEnterprise Linux For Ibm Z Systems Eus8.4AllAllAll
Operating
System
RedhatEnterprise Linux For Power Little Endian8.0AllAllAll
Operating
System
RedhatEnterprise Linux For Power Little Endian8.0AllAllAll
Operating
System
RedhatEnterprise Linux For Power Little Endian Eus8.4AllAllAll
Operating
System
RedhatEnterprise Linux For Power Little Endian Eus8.4AllAllAll
Operating
System
RedhatEnterprise Linux Server Aus8.4AllAllAll
Operating
System
RedhatEnterprise Linux Server For Power Little Endian Update Services For Sap Solutions8.4AllAllAll
Operating
System
RedhatEnterprise Linux Server Tus8.4AllAllAll
Operating
System
RedhatEnterprise Linux Server Update Services For Sap Solutions8.4AllAllAll
ApplicationRedhatVirtualization Host4.0AllAllAll
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @softek_jp Linux Kernel の IBM S/390 用 KVM の処理に特権を奪われる問題 (CVE-2022-0516) [41503] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 2022-03-08 06:30:03
Twitter Icon @CVEreport CVE-2022-0516 : A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM… twitter.com/i/web/status/1… 2022-03-10 17:46:29
Twitter Icon @LinInfoSec Kvm - CVE-2022-0516: bugzilla.redhat.com/show_bug.cgi?i… 2022-03-10 20:00:20
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report