CVE-2022-24448

Published on: 02/04/2022 12:00:00 AM UTC

Last Modified on: 05/12/2022 08:03:00 PM UTC

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Certain versions of Debian Linux from Debian contain the following vulnerability:

An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.

  • CVE-2022-24448 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as LOW severity.

CVSS3 Score: 3.3 - LOW

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED LOW NONE NONE

CVSS2 Score: 1.9 - LOW

Access
Vector
Access
Complexity
Authentication
LOCAL MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL NONE NONE

CVE References

Description Tags Link
kernel/git/torvalds/linux.git - Linux kernel source tree git.kernel.org
text/html
URL Logo MISC git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf
cdn.kernel.org
text/plain
URL Logo MISC cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5
[SECURITY] [DLA 2941-1] linux-4.19 security update lists.debian.org
text/html
URL Logo MLIST [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
[SECURITY] [DLA 2940-1] linux security update lists.debian.org
text/html
URL Logo MLIST [debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update
[PATCH 5.16 114/200] NFSv4: Handle case where the lookup of a directory fails — Linux Stable Kernel Updates www.spinics.net
text/html
URL Logo MISC www.spinics.net/lists/stable/msg531976.html
Revert "NFSv4: Handle the special Linux file open access mode" · torvalds/[email protected] · GitHub github.com
text/html
URL Logo MISC github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a
Debian -- Security Information -- DSA-5096-1 linux www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-5096
[PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag lore.kernel.org
text/html
URL Logo MISC lore.kernel.org/all/[email protected]/T/
NFSv4: Handle case where the lookup of a directory fails · torvalds/[email protected] · GitHub github.com
text/html
URL Logo MISC github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf
Debian -- Security Information -- DSA-5092-1 linux www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-5092

Related QID Numbers

  • 159754 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2022-9274)
  • 159755 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9273)
  • 159760 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2022-9314)
  • 159763 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9313)
  • 160210 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-7683)
  • 160270 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-8267)
  • 179104 Debian Security Update for linux (DSA 5092-1)
  • 179117 Debian Security Update for linux (DSA 5096-1)
  • 179118 Debian Security Update for linux (DLA 2940-1)
  • 179119 Debian Security Update for linux-4.19 (DLA 2941-1)
  • 198672 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5302-1)
  • 198745 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5383-1)
  • 198746 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5384-1)
  • 198749 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5385-1)
  • 240815 Red Hat Update for kernel-rt (RHSA-2022:7444)
  • 240817 Red Hat Update for kernel security (RHSA-2022:7683)
  • 240869 Red Hat Update for kernel-rt (RHSA-2022:7933)
  • 240904 Red Hat Update for kernel security (RHSA-2022:8267)
  • 353184 Amazon Linux Security Advisory for kernel : ALAS-2022-1571
  • 353195 Amazon Linux Security Advisory for kernel : ALAS2-2022-1761
  • 376925 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0125)
  • 377124 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0029)
  • 377181 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2022:0022)
  • 671441 EulerOS Security Update for kernel (EulerOS-SA-2022-1366)
  • 671611 EulerOS Security Update for kernel (EulerOS-SA-2022-1537)
  • 671630 EulerOS Security Update for kernel (EulerOS-SA-2022-1647)
  • 671631 EulerOS Security Update for kernel (EulerOS-SA-2022-1661)
  • 671724 EulerOS Security Update for kernel (EulerOS-SA-2022-1779)
  • 671817 EulerOS Security Update for kernel (EulerOS-SA-2022-1868)
  • 751831 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0768-1)
  • 751832 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0765-1)
  • 751833 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0757-1)
  • 751835 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0767-1)
  • 751836 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0759-1)
  • 751837 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0762-1)
  • 751838 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0766-1)
  • 751851 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0768-1)
  • 751952 OpenSUSE Security Update for Linux Kernel (openSUSE-SU-2022:1039-1)
  • 751956 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:1037-1)
  • 752016 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1039-1)
  • 752234 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2080-1)
  • 753348 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1038-1)
  • 753368 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2079-1)
  • 753373 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1257-1)
  • 753422 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1037-1)
  • 900649 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8495)
  • 900959 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8483-1)
  • 940732 AlmaLinux Security Update for kernel (ALSA-2022:7683)
  • 940766 AlmaLinux Security Update for kernel-rt (ALSA-2022:7444)
  • 940798 AlmaLinux Security Update for kernel (ALSA-2022:8267)
  • 940843 AlmaLinux Security Update for kernel-rt (ALSA-2022:7933)
  • 960176 Rocky Linux Security Update for kernel-rt (RLSA-2022:7444)
  • 960184 Rocky Linux Security Update for kernel (RLSA-2022:7683)

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
DebianDebian Linux10.0AllAllAll
Operating
System
DebianDebian Linux11.0AllAllAll
Operating
System
DebianDebian Linux9.0AllAllAll
Operating
System
LinuxLinux KernelAllAllAllAll
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2022-24448 : An issue was discovered in fs/nfs/dir.c in the #Linux #kernel before 5.16.5. If an application set… twitter.com/i/web/status/1… 2022-02-04 20:05:10
Reddit Logo Icon /r/netcve CVE-2022-24448 2022-02-04 21:38:36
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report