CVE-2022-28893

Summary

CVE	CVE-2022-28893
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-04-11 05:15:00 UTC
Updated	2023-05-15 18:45:00 UTC
Description	The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.

Risk And Classification

Problem Types: CWE-416

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Hardware	Netapp	H300e	-	All	All	All
Operating System	Netapp	H300e Firmware	-	All	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410c	-	All	All	All
Operating System	Netapp	H410c Firmware	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500e	-	All	All	All
Operating System	Netapp	H500e Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H700e	-	All	All	All
Operating System	Netapp	H700e Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All
Hardware	Netapp	Hci Compute Node	-	All	All	All
Operating System	Netapp	Hci Compute Node Firmware	-	All	All	All
Application	Netapp	Solidfire Enterprise Sds Hci Storage Node	-	All	All	All
Application	Netapp	Solidfire Hci Management Node	-	All	All	All

References

Reference	Source	Link	Tags
oss-security - CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem	MLIST	www.openwall.com
kernel/git/torvalds/linux.git - Linux kernel source tree	MISC	git.kernel.org
CVE-2022-28893 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
oss-security - Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem	MLIST	www.openwall.com
oss-security - Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem	MLIST	www.openwall.com
Debian -- Security Information -- DSA-5161-1 linux	DEBIAN	www.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160210 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-7683)
160270 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-8267)
179371 Debian Security Update for linux (DSA 5161-1)
184635 Debian Security Update for linux (CVE-2022-28893)
198880 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5544-1)
198894 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5566-1)
198895 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5562-1)
198897 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-5564-1)
198911 Ubuntu Security Notification for Linux kernel (Azure CVM) Vulnerabilities (USN-5582-1)
240815 Red Hat Update for kernel-rt (RHSA-2022:7444)
240817 Red Hat Update for kernel security (RHSA-2022:7683)
240869 Red Hat Update for kernel-rt (RHSA-2022:7933)
240904 Red Hat Update for kernel security (RHSA-2022:8267)
242890 Red Hat Update for kernel (RHSA-2024:0724)
353960 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-014
353962 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-026
353964 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.15-2022-001
354327 Amazon Linux Security Advisory for kernel : ALAS2022-2022-083
354468 Amazon Linux Security Advisory for kernel : ALAS2022-2022-185
354542 Amazon Linux Security Advisory for kernel : ALAS-2022-185
355199 Amazon Linux Security Advisory for kernel : ALAS2023-2023-070
355565 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.15-2023-023
377117 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0158)
6140415 AWS Bottlerocket Security Update for kernel (GHSA-m63c-5pgq-vm26)
752126 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1687-1)
752242 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2104-1)
753176 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1676-1)
753299 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1669-1)
900795 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9329)
901119 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9332)
902073 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9332-1)
902200 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9329-1)
906016 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9329-2)
906315 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9332-2)
940732 AlmaLinux Security Update for kernel (ALSA-2022:7683)
940766 AlmaLinux Security Update for kernel-rt (ALSA-2022:7444)
940798 AlmaLinux Security Update for kernel (ALSA-2022:8267)
940843 AlmaLinux Security Update for kernel-rt (ALSA-2022:7933)
960176 Rocky Linux Security Update for kernel-rt (RLSA-2022:7444)
960184 Rocky Linux Security Update for kernel (RLSA-2022:7683)