CVE-2022-0854

一、漏洞信息
漏洞编号：CVE-2022-0854
漏洞归属组件：kernel
漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,5.15.33,5.17
CVSS V3.0分值：
BaseScore：5.5 Medium
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
漏洞简述：
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
漏洞公开时间：2022-03-24 04:15
漏洞创建时间：2022-03-29 14:37:56
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2022-0854

更多参考(点击展开)

参考来源	参考链接	来源链接
MISC	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8&id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13
DEBIAN	https://www.debian.org/security/2022/dsa-5161
MLIST	https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
DEBIAN	https://www.debian.org/security/2022/dsa-5173
nvd	https://access.redhat.com/security/cve/CVE-2022-0854
redhat_bugzilla	https://lore.kernel.org/all/YiIiHD7uA1o7Sj1X@kroah.com/t/
redhat_bugzilla	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.17&id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13
redhat_bugzilla	https://lore.kernel.org/all/YiIiHD7uA1o7Sj1X@kroah.com/t/
ubuntu	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0854
ubuntu	https://ubuntu.com/security/notices/USN-5381-1
ubuntu	https://nvd.nist.gov/vuln/detail/CVE-2022-0854
ubuntu	https://launchpad.net/bugs/cve/CVE-2022-0854
ubuntu	https://security-tracker.debian.org/tracker/CVE-2022-0854
debian	https://security-tracker.debian.org/tracker/CVE-2022-0854

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
其它
漏洞补丁信息：

详情(点击展开)

影响的包	修复版本	修复补丁	问题引入补丁	来源
linux_kernel	4.14.281	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=aaf166f37eb6bb55d81c3e40a2a460c8875c8813	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e	linuxkernelcves
linux_kernel	4.19.245	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=06cb238b0f7ac1669cb06390704c61794724c191	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e	linuxkernelcves
linux_kernel	5.10.118	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f3f2247ac31cb71d1f05f56536df5946c6652f4a	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e	linuxkernelcves
linux_kernel	5.15.29	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=2c1f97af38be151527380796d31d3c9adb054bf9	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e	linuxkernelcves
linux_kernel	5.16.15	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=62b27d925655999350d0ea775a025919fd88d27f	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e	linuxkernelcves
linux_kernel	5.4.196	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=b2f140a9f980806f572d672e1780acea66b9a25c	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e	linuxkernelcves

二、漏洞分析结构反馈
影响性分析说明：
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
openEuler评分：
5.5
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
受影响版本排查(受影响/不受影响)：
1.openEuler-20.03-LTS-SP1(4.19.90):受影响
2.openEuler-20.03-LTS-SP2(4.19.90):受影响
3.openEuler-20.03-LTS-SP3(4.19.90):受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP2(4.19.90):否
3.openEuler-20.03-LTS-SP3(4.19.90):否

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2022-1614

影响性分析说明：
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
openEuler评分：
CVSS V3.0分值：
BaseScore:
Vector：
受影响版本排查(受影响/不受影响)：
1.openEuler-20.03-LTS-SP1(4.19.90):受影响
2.openEuler-20.03-LTS-SP2(4.19.90):受影响
3.openEuler-20.03-LTS-SP3(4.19.90):受影响
修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP2(4.19.90):否
3.openEuler-20.03-LTS-SP3(4.19.90):否

影响性分析说明：
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
openEuler评分：
CVSS V3.0分值：
BaseScore: 5.1
Vector：
受影响版本排查(受影响/不受影响)：
1.openEuler-20.03-LTS-SP1(4.19.90):受影响
2.openEuler-20.03-LTS-SP2(4.19.90):受影响
3.openEuler-20.03-LTS-SP3(4.19.90):受影响
修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP2(4.19.90):否
3.openEuler-20.03-LTS-SP3(4.19.90):否

影响性分析说明：
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
openEuler评分：
CVSS V3.0分值：
BaseScore: 5.1
Vector：CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
受影响版本排查(受影响/不受影响)：
1.openEuler-20.03-LTS-SP1(4.19.90):受影响
2.openEuler-20.03-LTS-SP2(4.19.90):受影响
3.openEuler-20.03-LTS-SP3(4.19.90):受影响
修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP2(4.19.90):否
3.openEuler-20.03-LTS-SP3(4.19.90):否

src-openEuler/kernel

内容风险标识

评论 (11)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2022-0854

评论 (11)

搜索帮助

src-openEuler/kernel