Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 2152807 (CVE-2022-4379) - CVE-2022-4379 kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack
Summary: CVE-2022-4379 kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-4379
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2152814 2152815 2152816 2152817 2152818 2152827 2152828 2152829 2152830 2152831 2152832 2152833 2152834 2152835 2152836 2152837 2153139 2153140 2153141 2153142 2153143 2153144 2153146 2153147 2153149 2153150 2153151 2153152 2153153 2153154 2153155 2153156 2153157 2156577
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-12-13 06:52 UTC by Rohit Keshri
Modified: 2023-03-23 13:16 UTC (History)
43 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial of service.
Clone Of:
Environment:
Last Closed: 2023-03-23 13:16:46 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:1050 0 None None None 2023-03-02 05:37:47 UTC
Red Hat Product Errata RHSA-2023:0951 0 None None None 2023-02-28 08:18:46 UTC
Red Hat Product Errata RHSA-2023:0979 0 None None None 2023-02-28 09:51:21 UTC
Red Hat Product Errata RHSA-2023:1008 0 None None None 2023-02-28 11:42:43 UTC
Red Hat Product Errata RHSA-2023:1202 0 None None None 2023-03-14 13:53:51 UTC
Red Hat Product Errata RHSA-2023:1203 0 None None None 2023-03-14 13:54:06 UTC
Red Hat Product Errata RHSA-2023:1435 0 None None None 2023-03-23 09:03:39 UTC

Description Rohit Keshri 2022-12-13 06:52:03 UTC
A use-after-free vulnerability in __nfs42_ssc_open() in fs/nfs/nfs4file.c in Linux kernel through v6.1-rc8, which allows an attacker to conduct remote Denial of Service attack.

Comment 11 Guilherme de Almeida Suckevicz 2022-12-27 18:52:54 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2156577]

Comment 21 errata-xmlrpc 2023-02-28 08:18:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0951 https://access.redhat.com/errata/RHSA-2023:0951

Comment 22 errata-xmlrpc 2023-02-28 09:51:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0979 https://access.redhat.com/errata/RHSA-2023:0979

Comment 23 errata-xmlrpc 2023-02-28 11:42:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:1008 https://access.redhat.com/errata/RHSA-2023:1008

Comment 24 errata-xmlrpc 2023-03-14 13:53:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1202 https://access.redhat.com/errata/RHSA-2023:1202

Comment 25 errata-xmlrpc 2023-03-14 13:54:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1203 https://access.redhat.com/errata/RHSA-2023:1203

Comment 26 errata-xmlrpc 2023-03-23 09:03:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1435 https://access.redhat.com/errata/RHSA-2023:1435

Comment 27 Product Security DevOps Team 2023-03-23 13:16:42 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-4379


Note You need to log in before you can comment on or make changes to this bug.