Vulnerability Description
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.2, < 5.4.177 |
| Fedoraproject | Fedora | 35 |
| Redhat | Enterprise Linux | 8.0 |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H700S Firmware | - |
| Netapp | H700S | - |
| Netapp | H410S Firmware | - |
| Netapp | H410S | - |
| Netapp | H410C Firmware | - |
| Netapp | H410C | - |
Related Weaknesses (CWE)
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0Mailing ListPatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20221223-0002/Third Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0Mailing ListPatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20221223-0002/Third Party Advisory
FAQ
What is CVE-2022-2938?
CVE-2022-2938 is a vulnerability with a CVSS score of 7.8 (HIGH). A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corru...
How severe is CVE-2022-2938?
CVE-2022-2938 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2938?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Redhat Enterprise Linux, Netapp H300S Firmware, Netapp H300S.