PT-2022-1628 · Linux+10 · Linux Kernel+10

Christian Borntraeger

·

Published

2022-02-02

·

Updated

2023-08-14

·

CVE-2022-0516

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17-rc4
Description A flaw in the kvm s390 guest sida op function in KVM for s390 in the Linux kernel allows a local attacker with normal user privileges to obtain unauthorized memory write access. This issue is related to insufficient protection of service data, which can be exploited to gain unauthorized access to protected information.
Recommendations For Linux kernel versions prior to 5.17-rc4, update to version 5.17-rc4 or later to resolve the issue. As a temporary workaround, consider restricting access to the kvm s390 guest sida op function to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALSA-2022:0825
ALT-PU-2022-1531
ALT-PU-2022-1647
ALT-PU-2022-1730
ALT-PU-2022-1768
ALT-PU-2022-2155
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-8997
BDU:2022-00869
CESA-2022_0825
CVE-2022-0516
DSA-5092-1
OPENSUSE-SU-2022:0755-1
OPENSUSE-SU-2022:0760-1
OPENSUSE-SU-2022_0755-1
OPENSUSE-SU-2022_0760-1
RHSA-2022:0777
RHSA-2022:0825
RHSA-2022_0825
RLSA-2022:0825
SUSE-SU-2022:0615-1
SUSE-SU-2022:0619-1
SUSE-SU-2022:0660-1
SUSE-SU-2022:0755-1
SUSE-SU-2022:0759-1
SUSE-SU-2022:0760-1
SUSE-SU-2022:1038-1
SUSE-SU-2022:1257-1
USN-5337-1
USN-5338-1
USN-5362-1
USN-5368-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu