CVE-2022-1158

Updated: 2023-11-04 20:22:58.584011

Description:

A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Already Fixed 2024-01-18 13:10:47
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH Already Fixed 2024-01-18 13:09:46
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2023-04-12 08:49:37
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Needs Triage 2024-10-07 16:17:00
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2023:1686585068 2023-06-13 09:07:39
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2023:1686651204 2023-06-13 09:07:40
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Needs Triage 2024-10-07 16:17:01
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2023-04-12 08:49:37
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Needs Triage 2024-10-07 16:17:02
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2023-04-12 08:49:35
Total: 11