CVE-2022-2961

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
References
Link Resource
https://access.redhat.com/security/cve/CVE-2022-2961 Issue Tracking Third Party Advisory
https://security.netapp.com/advisory/ntap-20230214-0004/ Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

History

28 Jun 2023, 20:34

Type Values Removed Values Added
First Time Netapp h300s Firmware
Netapp h410c
Netapp h410s Firmware
Netapp
Netapp h410s
Netapp h300s
Netapp h500s
Netapp h700s
Netapp h700s Firmware
Netapp h500s Firmware
Netapp h410c Firmware
CPE cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
CWE CWE-416 CWE-362
References (CONFIRM) https://security.netapp.com/advisory/ntap-20230214-0004/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20230214-0004/ - Third Party Advisory

Information

Published : 2022-08-29 15:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-2961

Mitre link : CVE-2022-2961

CVE.ORG link : CVE-2022-2961


JSON object : View

Products Affected

netapp

  • h410c_firmware
  • h300s_firmware
  • h500s_firmware
  • h410s_firmware
  • h500s
  • h700s_firmware
  • h700s
  • h410s
  • h410c
  • h300s

linux

  • linux_kernel

fedoraproject

  • fedora
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-416

Use After Free