CVE-2022-36123

Published on: Not Yet Published

Last Modified on: 09/04/2022 07:29:00 PM UTC

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Linux Kernel from Linux contain the following vulnerability:

The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.

  • CVE-2022-36123 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVE References

Description Tags Link
security/SICK-2022-128.md at master · sickcodes/security · GitHub github.com
text/html
URL Logo MISC github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md
CVE-2022-36123 - A vulnerability in Linux kernel mainline v5.18-rc1 through v5.19-rc6 does not clear statically allocated variables in the block starting symbol (.bss) due to a failed early_xen_iret_patch leading to an asm_exc_page_fault, or arbitrary code execution - Sick Codes - Security Research, Hardware & Software Hacking, Consulting, Linux, IoT, Cloud, Embedded, Arch, Tweaks & Tips! sick.codes
text/html
URL Logo MISC sick.codes/sick-2022-128
cdn.kernel.org
text/plain
URL Logo CONFIRM cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13
x86/xen: Use clear_bss() for Xen PV guests · torvalds/[email protected] · GitHub github.com
text/html
URL Logo CONFIRM github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884
CVE-2022-36123 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security security.netapp.com
text/html
URL Logo CONFIRM security.netapp.com/advisory/ntap-20220901-0003/
Merge tag 'x86_urgent_for_v5.19_rc6' of git://git.kernel.org/pub/scm/… · torvalds/[email protected] · GitHub github.com
text/html
URL Logo MISC github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0

Related QID Numbers

  • 354044 Amazon Linux Security Advisory for kernel : ALAS2-2022-1833
  • 354051 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-019
  • 377117 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0158)
  • 902660 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10457)
  • 902664 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10451)
  • 904020 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10457-1)

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
LinuxLinux KernelAllAllAllAll
HardwareNetappH300s-AllAllAll
Operating
System
NetappH300s Firmware-AllAllAll
HardwareNetappH410c-AllAllAll
Operating
System
NetappH410c Firmware-AllAllAll
HardwareNetappH410s-AllAllAll
Operating
System
NetappH410s Firmware-AllAllAll
HardwareNetappH500s-AllAllAll
Operating
System
NetappH500s Firmware-AllAllAll
HardwareNetappH700s-AllAllAll
Operating
System
NetappH700s Firmware-AllAllAll
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @sickcodes CVE-2022-36123 - Linux v5.19-rc6 and below out-of-bounds read to asm page fault (or arbitrary code exec if a host h… twitter.com/i/web/status/1… 2022-07-29 02:23:49
Twitter Icon @ipssignatures The vuln CVE-2022-36123 has a tweet created 0 days ago and retweeted 12 times. twitter.com/sickcodes/stat… #pow1rtrtwwcve 2022-07-29 06:06:01
Twitter Icon @the_yellow_fall CVE-2022-36123: Linux kernel arbitrary code execution flaw securityonline.info/cve-2022-36123… #opensource #infosec #security #pentesting 2022-07-29 07:41:55
Twitter Icon @AcooEdi CVE-2022-36123: Linux kernel arbitrary code execution flaw dlvr.it/SVhlwm via securityonline https://t.co/FVB8G3ff9L 2022-07-29 07:42:35
Twitter Icon @lucianot54 "CVE-2022-36123: Linux kernel arbitrary code execution flaw" via Penetration Testing ift.tt/65q7ufw 2022-07-29 08:01:52
Twitter Icon @Komodosec #Vulnerability #CVE202236123 CVE-2022-36123: Linux kernel arbitrary code execution flaw securityonline.info/cve-2022-36123… 2022-07-29 09:26:02
Twitter Icon @Dinosn CVE-2022-36123: Linux kernel arbitrary code execution flaw securityonline.info/cve-2022-36123… 2022-07-29 11:55:27
Twitter Icon @d34dr4bbit CVE-2022-36123: Linux kernel arbitrary code execution flaw aeternusmalus.wordpress.com/2022/07/29/cve… 2022-07-29 11:58:38
Twitter Icon @CVEreport CVE-2022-36123 : The #Linux #kernel before 5.18.13 lacks a certain clear operation for the block starting symbol .… twitter.com/i/web/status/1… 2022-07-29 14:02:40
Twitter Icon @netsecu api.follow.it/track-rss-stor… CVE-2022-36123: Linux kernel arbitrary code execution flaw #cybersecurity 2022-07-29 14:12:06
Twitter Icon @beingsheerazali CVE-2022-36123: Linux kernel arbitrary code execution flaw securityonline.info/cve-2022-36123… Dinosn 2022-07-29 14:55:21
Twitter Icon @ipssignatures The vuln CVE-2022-36123 has a tweet created 0 days ago and retweeted 11 times. twitter.com/Dinosn/status/… #pow1rtrtwwcve 2022-07-29 16:06:00
Twitter Icon @Inceptus3 New Vulnerability: CVE-2022-36123 #InceptusSecure #UnderOurProtection 2022-07-29 16:18:02
Twitter Icon @LinInfoSec Xen - CVE-2022-36123: github.com/sickcodes/secu… 2022-07-29 17:02:01
Twitter Icon @Har_sia CVE-2022-36123 har-sia.info/CVE-2022-36123… #HarsiaInfo 2022-07-29 18:25:03
Twitter Icon @disclose_io CVE-2022-36123 - A vulnerability in Linux kernel mainline v5.18-rc1 through v5.19-rc6 by @sickcodes… twitter.com/i/web/status/1… 2022-07-29 22:24:02
Twitter Icon @threatmeter CVE-2022-36123 The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss)… twitter.com/i/web/status/1… 2022-07-29 23:03:58
Twitter Icon @ColorTokensInc Emerging Vulnerability Found CVE-2022-36123 - The Linux kernel before 5.18.13 lacks a certain clear operation for t… twitter.com/i/web/status/1… 2022-07-29 23:04:04
Twitter Icon @CybrXx0 CVE-2022-36123 - Linux kernel <5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This a… twitter.com/i/web/status/1… 2022-07-30 01:59:29
Twitter Icon @_r_netsec CVE-2022-36123 - Linux kernel <5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This a… twitter.com/i/web/status/1… 2022-07-30 02:13:06
Twitter Icon @Myinfosecfeed New post: "CVE-2022-36123 - Linux kernel <5.18.13 lacks a certain clear operation for the block starting symbol (.b… twitter.com/i/web/status/1… 2022-07-30 02:48:13
Twitter Icon @Dinosn CVE-2022-36123 - Linux kernel <5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This a… twitter.com/i/web/status/1… 2022-07-30 06:30:37
Twitter Icon @threatmeter CVE-2022-36123 The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss)… twitter.com/i/web/status/1… 2022-07-30 07:09:29
Twitter Icon @beingsheerazali CVE-2022-36123 - Linux kernel &lt;5.18.13 lacks a certain clear operation for the block starting symbol (.bss). Thi… twitter.com/i/web/status/1… 2022-07-30 14:16:51
Twitter Icon @Har_sia CVE-2022-36123 har-sia.info/CVE-2022-36123… #HarsiaInfo 2022-07-30 15:00:09
Twitter Icon @ipssignatures The vuln CVE-2022-36123 has a tweet created 0 days ago and retweeted 11 times. twitter.com/_r_netsec/stat… #pow1rtrtwwcve 2022-07-30 16:06:01
Reddit Logo Icon /r/KomodoCyberConsulting CVE-2022-36123: Linux kernel arbitrary code execution flaw 2022-07-29 09:26:02
Reddit Logo Icon /r/netcve CVE-2022-36123 2022-07-29 15:38:18
Reddit Logo Icon /r/netsec CVE-2022-36123 - Linux kernel <5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service, or gain privileges. 2022-07-30 01:59:03
© CVE.report 2022 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report