CVE-2022-1158
Published on: Not Yet Published
Last Modified on: 08/06/2022 02:35:00 AM UTC
The following vulnerability was found:
A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.
- CVE-2022-1158 has been assigned by
[email protected] to track the vulnerability
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| 2069793 – (CVE-2022-1158) CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region | bugzilla.redhat.com text/html |
MISC bugzilla.redhat.com/show_bug.cgi?id=2069793 |
| oss-security - CVE-2022-1158: Linux Kernel v5.2+: x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region | www.openwall.com text/x-c |
MISC www.openwall.com/lists/oss-security/2022/04/08/4 |
Related QID Numbers
- 159745 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2022-9265)
- 159746 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9264)
- 159754 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2022-9274)
- 159755 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9273)
- 159785 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2022-9368)
- 159788 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9365)
- 179258 Debian Security Update for linux (DSA 5127-1)
- 198783 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5416-1)
- 198822 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5469-1)
- 198824 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5467-1)
- 198826 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5468-1)
- 353964 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.15-2022-001
- 752126 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1687-1)
- 752242 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2104-1)
There are no known software configurations (CPEs) currently associated with this CVE
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @oss_security |
CVE-2022-1158: Linux Kernel v5.2+: x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region: Posted by… twitter.com/i/web/status/1… | 2022-04-08 11:06:05 |
| @secalertsasia |
oss-sec: CVE-2022-1158: Linux Kernel v5.2+: x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region… twitter.com/i/web/status/1… | 2022-04-15 00:38:14 |
| @sidfm_jp |
Linux Kernel の KVM の処理に特権を奪われる問題 (CVE-2022-1158) [42030] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 | 2022-05-09 05:30:05 |
| @CVEreport |
CVE-2022-1158 : A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as… twitter.com/i/web/status/1… | 2022-08-05 17:03:41 |
| @JohnJasonFallow |
New vulnerability on the NVD: CVE-2022-1158 ift.tt/aszykth | 2022-08-05 18:11:37 |
| @WesUncensored |
New vulnerability on the NVD: CVE-2022-1158 ift.tt/ASuUTft | 2022-08-05 18:33:24 |
| @workentin |
New vulnerability on the NVD: CVE-2022-1158 ift.tt/fINq9gH | 2022-08-05 18:40:39 |
| @xanadulinux |
CVE-2022-1158 ift.tt/Q43jq2S | 2022-08-05 18:52:24 |
| @LinInfoSec |
Kvm - CVE-2022-1158: bugzilla.redhat.com/show_bug.cgi?i… | 2022-08-05 20:01:54 |
| @Har_sia |
CVE-2022-1158 har-sia.info/CVE-2022-1158.… #HarsiaInfo | 2022-08-06 23:01:09 |
 /r/netcve |
CVE-2022-1158 | 2022-08-05 18:38:42 |