CVE-2022-39189 — HIGH (7.8)

Q: How severe is CVE-2022-39189?

CVE-2022-39189 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-39189?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Hci Baseboard Management Controller.

Vulnerability Description

An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 4.16, < 5.4.244
Netapp	Hci Baseboard Management Controller	h300s

References

https://bugs.chromium.org/p/project-zero/issues/detail?id=2309Issue TrackingPatchThird Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.17PatchRelease NotesVendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6cd88PatchVendor Advisory
https://github.com/torvalds/linux/commit/6cd88243c7e03845a450795e134b488fc2afb73PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://security.netapp.com/advisory/ntap-20230214-0007/Third Party Advisory
https://www.debian.org/security/2023/dsa-5480Third Party AdvisoryVDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=2309Issue TrackingPatchThird Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.17PatchRelease NotesVendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6cd88PatchVendor Advisory
https://github.com/torvalds/linux/commit/6cd88243c7e03845a450795e134b488fc2afb73PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://security.netapp.com/advisory/ntap-20230214-0007/Third Party Advisory
https://www.debian.org/security/2023/dsa-5480Third Party AdvisoryVDB Entry

FAQ

What is CVE-2022-39189?

CVE-2022-39189 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VC...

How severe is CVE-2022-39189?

CVE-2022-39189 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-39189?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Hci Baseboard Management Controller.