[Security] CVE-2022-0847 lib/iov_iter: initialize "flags" in new pipe_buffer
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
intel | New | Undecided | Unassigned |
linux (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
[Feature Description]
CVE-2022-0847
A critical Linux kernel vulnerability has been found, which exists since Linux kernel v5.8 or later.
If linux kernel has this commit f6dd975583bd ("pipe: merge anon_pipe_
Please note: This commit f6dd975583bd did not introduce the bug, it just made it easier to exploit.
The vulnerability has been fixed in Linux kernel 5.16.11, 5.15.25 and 5.10.102.
For more details see: https:/
Commit: 9d2231c5d74e13b
git tag --contains 9d2231c5d74e13b
v5.17-rc6
Commit: f6dd975583bd
git tag --contains f6dd975583bd
v5.10
Target Kernel: 5.17
Target Release: 22.10/22.04/Others
[HW/SW Information]
Bug fix for vulnerability
[Business Justification]
Function improvement
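Added example, not part of the original report: a shell triage helper that classifies an upstream kernel version against the ranges stated above (present since v5.8; fixed in 5.10.102, 5.15.25, 5.16.11 and in v5.17-rc6). The function names `ver_lt` and `dirtypipe_status` are hypothetical and GNU `sort -V` is assumed. Only the upstream version number is compared, so distribution kernels that carry a backported fix must be checked against the vendor's security notice instead.

```shell
#!/bin/sh
# Classify an upstream kernel version for CVE-2022-0847 using only the
# version ranges given in this bug report. Assumes GNU sort (-V).

# ver_lt A B: succeeds when version A sorts strictly before version B.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

dirtypipe_status() {
    # Keep the leading numeric part: "5.13.0-35-generic" -> "5.13.0".
    # Suffixes such as "-rc5" are dropped and not interpreted.
    v=$(printf '%s' "$1" |
        sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)\{1,2\}\).*/\1/p')
    [ -n "$v" ] || { echo unknown; return; }

    # The report states the bug exists since v5.8.
    if ver_lt "$v" 5.8; then echo not-affected; return; fi

    series=$(printf '%s' "$v" | cut -d. -f1,2)
    case "$series" in
        5.10) fixed=5.10.102 ;;
        5.15) fixed=5.15.25 ;;
        5.16) fixed=5.16.11 ;;
        *)  # No fixed point release is listed for other series below 5.17;
            # the fix commit itself is tagged v5.17-rc6.
            if ver_lt "$v" 5.17; then
                echo affected-no-listed-fix
            else
                echo fixed
            fi
            return ;;
    esac

    if ver_lt "$v" "$fixed"; then echo affected; else echo fixed; fi
}

# Stand-alone use: classify the given version, or the running kernel.
dirtypipe_status "${1:-$(uname -r)}"
```

A result of `affected-no-listed-fix` on a distribution kernel means only that the report names no fixed upstream release for that series.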
summary:
- [Secutiry] CVE-2022-0847 lib/iov_iter: initialize "flags" in new
+ [Security] CVE-2022-0847 lib/iov_iter: initialize "flags" in new pipe_buffer
information type: Public → Public Security
This was fixed in affected kernels in https://ubuntu.com/security/notices/USN-5317-1 and https://ubuntu.com/security/notices/USN-5362-1