CVE-2022-1678 — MEDIUM (5.9)

Q: What is CVE-2022-1678?

CVE-2022-1678 is a vulnerability with a CVSS score of 5.9 (MEDIUM). An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.

Q: How severe is CVE-2022-1678?

CVE-2022-1678 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-1678?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Active Iq Unified Manager, Netapp Cloud Volumes Ontap Mediator, Netapp E-Series Santricity Os Controller, Netapp Element Software.

Vulnerability Description

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 4.18, <= 4.19
Netapp	Active Iq Unified Manager	-
Netapp	Cloud Volumes Ontap Mediator	-
Netapp	E-Series Santricity Os Controller	>= 11.0, <= 11.70.2
Netapp	Element Software	-
Netapp	Hci Management Node	-
Netapp	Solidfire	-
Netapp	Storagegrid	-
Netapp	Bootstrap Os	-
Netapp	Hci Compute Node	-
Netapp	H300S Firmware	-
Netapp	H300S	-
Netapp	H500S Firmware	-
Netapp	H500S	-
Netapp	H700S Firmware	-
Netapp	H700S	-
Netapp	H300E Firmware	-
Netapp	H300E	-
Netapp	H500E Firmware	-
Netapp	H500E	-

Related Weaknesses (CWE)

CWE-911

References

https://anas.openanolis.cn/cves/detail/CVE-2022-1678Third Party Advisory
https://anas.openanolis.cn/errata/detail/ANSA-2022:0143Third Party Advisory
https://bugzilla.openanolis.cn/show_bug.cgi?id=61Issue TrackingPatchThird Party Advisory
https://gitee.com/anolis/cloud-kernel/commit/bed537da691bPermissions Required
https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25PatchThird Party Advisory
https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/
https://security.netapp.com/advisory/ntap-20220715-0001/Third Party Advisory
https://anas.openanolis.cn/cves/detail/CVE-2022-1678Third Party Advisory
https://anas.openanolis.cn/errata/detail/ANSA-2022:0143Third Party Advisory
https://bugzilla.openanolis.cn/show_bug.cgi?id=61Issue TrackingPatchThird Party Advisory
https://gitee.com/anolis/cloud-kernel/commit/bed537da691bPermissions Required
https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25PatchThird Party Advisory
https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/
https://security.netapp.com/advisory/ntap-20220715-0001/Third Party Advisory

FAQ

What is CVE-2022-1678?

CVE-2022-1678 is a vulnerability with a CVSS score of 5.9 (MEDIUM). An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.

How severe is CVE-2022-1678?

CVE-2022-1678 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-1678?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Active Iq Unified Manager, Netapp Cloud Volumes Ontap Mediator, Netapp E-Series Santricity Os Controller, Netapp Element Software.