CVE-2022-2961

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:01

Type Values Removed Values Added
References () https://access.redhat.com/security/cve/CVE-2022-2961 - Issue Tracking, Third Party Advisory () https://access.redhat.com/security/cve/CVE-2022-2961 - Issue Tracking, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20230214-0004/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20230214-0004/ - Third Party Advisory

28 Jun 2023, 20:34

Type Values Removed Values Added
First Time Netapp h300s Firmware
Netapp h410c
Netapp h410s Firmware
Netapp
Netapp h410s
Netapp h300s
Netapp h500s
Netapp h700s
Netapp h700s Firmware
Netapp h500s Firmware
Netapp h410c Firmware
CPE cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
CWE CWE-416 CWE-362
References (CONFIRM) https://security.netapp.com/advisory/ntap-20230214-0004/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20230214-0004/ - Third Party Advisory

Information

Published : 2022-08-29 15:15

Updated : 2024-11-21 07:01


NVD link : CVE-2022-2961

Mitre link : CVE-2022-2961

CVE.ORG link : CVE-2022-2961


JSON object : View

Products Affected

netapp

  • h500s_firmware
  • h410s_firmware
  • h410c_firmware
  • h700s
  • h410c
  • h300s
  • h300s_firmware
  • h700s_firmware
  • h500s
  • h410s

fedoraproject

  • fedora

linux

  • linux_kernel
CWE
CWE-416

Use After Free

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')