PT-2022-4326 · Linux+7 · Linux Kernel+7

Gaoning Pan +2 · Published 2022-04-06 · Updated 2023-08-14 · CVE-2022-1263

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Linux Kernel versions prior to the fixed version

Description

The issue is related to a NULL pointer dereference in the KVM subsystem of the Linux kernel, specifically in the kvm dirty ring push function. This flaw can be exploited by an unprivileged local attacker on the host to cause a denial of service by issuing specific ioctl calls, resulting in a kernel oops condition.

Recommendations

For Linux Kernel versions prior to the fixed version, consider disabling the dirty ring support as a temporary workaround until a patch is available. Restrict access to the vulnerable kvm dirty ring push function to minimize the risk of exploitation. Avoid using specific ioctl calls that can cause a kernel oops condition until the issue is resolved.

Exploit · Fix · DoS · NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2050
ALT-PU-2022-2131
ALT-PU-2022-2152
ALT-PU-2022-2155
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-10820
BDU:2022-05184
CESA-2022_7444
CESA-2022_7683
CVE-2022-1263
MGASA-2022-0154
MGASA-2022-0155
OPENSUSE-SU-2022_3585-1
OPENSUSE-SU-2022_3844-1
OPENSUSE-SU-2022_4617-1
RHSA-2022:7444
RHSA-2022:7683
RHSA-2022:7933
RHSA-2022:8267
RHSA-2022_7444
RHSA-2022_7683
RHSA-2022_7933
RHSA-2022_8267
SUSE-SU-2022:3585-1
SUSE-SU-2022:3844-1
SUSE-SU-2022:4617-1
USN-5469-1

Affected Products

ALT Linux
Astra Linux
CentOS
Linux Kernel
Linux Mint
Red Hat
SUSE
Ubuntu