CVE-2022-1789

Updated: 2023-11-07 19:55:00.382182

Description:

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 6.9
CVSS Version 3.x MEDIUM 6.8

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 6.8 MEDIUM Ignored 2023-11-08 04:07:40
AlmaLinux 9.2 FIPS kernel 5.14.0 6.8 MEDIUM Ignored 2023-11-21 04:12:18
CentOS 6 ELS kernel 2.6.32 6.8 MEDIUM Ignored 2022-06-11 11:38:27
CentOS 7 ELS kernel 3.10.0 6.8 MEDIUM Ignored 2023-09-19 09:29:59
CentOS 8.4 ELS kernel 4.18.0 6.8 MEDIUM Released CLSA-2023:1690287378 2023-07-25 09:18:57
CentOS 8.5 ELS kernel 4.18.0 6.8 MEDIUM Released CLSA-2023:1690294029 2023-07-25 11:14:46
CentOS Stream 8 ELS kernel 4.18.0 6.8 MEDIUM Ignored 2024-10-08 10:44:50
CloudLinux 6 ELS kernel 2.6.32 6.8 MEDIUM Ignored 2022-06-11 11:38:27
CloudLinux 7 ELS kernel 3.10.0 6.8 MEDIUM Ignored 2024-10-08 10:44:50
Oracle Linux 6 ELS kernel 2.6.32 6.8 MEDIUM Ignored 2022-06-11 11:38:27
Total: 13