CVE-2022-0516

Published on: Not Yet Published

Last Modified on: 10/04/2022 09:16:00 PM UTC

CVE-2022-0516

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Debian Linux from Debian contain the following vulnerability:

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.

CVE-2022-0516 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
LOCAL	LOW	LOW	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	HIGH	HIGH

CVSS2 Score: 4.6 - MEDIUM

Access Vector^ⓘ	Access Complexity	Authentication
LOCAL	LOW	NONE
Confidentiality Impact	Integrity Impact	Availability Impact
PARTIAL	PARTIAL	PARTIAL

CVE References

Description	Tags ^ⓘ	Link
kernel/git/torvalds/linux.git - Linux kernel source tree	git.kernel.org text/html	MISC git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=09a93c1df3eafa43bcdfd7bf837c574911f12f55
2050237 – (CVE-2022-0516) CVE-2022-0516 kernel: missing check in ioctl allows kernel memory read/write	bugzilla.redhat.com text/html	MISC bugzilla.redhat.com/show_bug.cgi?id=2050237
Debian -- Security Information -- DSA-5092-1 linux	www.debian.org Depreciated Link text/html	DEBIAN DSA-5092
CVE-2022-0516 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	security.netapp.com text/html	CONFIRM security.netapp.com/advisory/ntap-20220331-0009/

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

159700 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-0825)
179104 Debian Security Update for linux (DSA 5092-1)
198708 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5337-1)
198709 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5338-1)
198728 Ubuntu Security Notification for Linux kernel (Intel IOTG) Vulnerabilities (USN-5362-1)
198731 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5368-1)
240122 Red Hat Update for kernel security (RHSA-2022:0777)
240128 Red Hat Update for kernel security (RHSA-2022:0825)
282398 Fedora Security Update for kernel (FEDORA-2022-6f887c7be7)
282399 Fedora Security Update for kernel (FEDORA-2022-df17aabb12)
376925 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0125)
751836 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0759-1)
751852 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0755-1)
751853 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0760-1)
751999 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0760-1)
753086 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0755-1)
753110 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) (SUSE-SU-2022:0619-1)
753188 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 7 for SLE 15 SP3) (SUSE-SU-2022:0660-1)
753338 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) (SUSE-SU-2022:0615-1)
753348 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1038-1)
753373 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1257-1)
900751 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8990)
901900 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8997-1)
906188 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8990-1)
906289 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8997-2)
940463 AlmaLinux Security Update for kernel (ALSA-2022:0825)
960805 Rocky Linux Security Update for kernel (RLSA-2022:0825)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Operating System	Fedoraproject	Fedora	35	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	5.17	rc1	All	All
Operating System	Linux	Linux Kernel	5.17	rc2	All	All
Operating System	Linux	Linux Kernel	5.17	rc3	All	All
Hardware	Netapp	H300e	-	All	All	All
Operating System	Netapp	H300e Firmware	-	All	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410c	-	All	All	All
Operating System	Netapp	H410c Firmware	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500e	-	All	All	All
Operating System	Netapp	H500e Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H700e	-	All	All	All
Operating System	Netapp	H700e Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All
Application	Redhat	Codeready Linux Builder	-	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux For Ibm Z Systems	8.0	All	All	All
Operating System	Redhat	Enterprise Linux For Ibm Z Systems Eus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux For Power Little Endian	8.0	All	All	All
Operating System	Redhat	Enterprise Linux For Power Little Endian	8.0	All	All	All
Operating System	Redhat	Enterprise Linux For Power Little Endian Eus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux For Power Little Endian Eus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Update Services For Sap Solutions	8.4	All	All	All
Application	Redhat	Virtualization Host	4.0	All	All	All

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*:
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*:
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*:
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*:
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@softek_jp	Linux Kernel の IBM S/390 用 KVM の処理に特権を奪われる問題 (CVE-2022-0516) [41503] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報	2022-03-08 06:30:03
@CVEreport	CVE-2022-0516 : A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM… twitter.com/i/web/status/1…	2022-03-10 17:46:29
@LinInfoSec	Kvm - CVE-2022-0516: bugzilla.redhat.com/show_bug.cgi?i…	2022-03-10 20:00:20