CVE-2022-1184

一、漏洞信息
漏洞编号：CVE-2022-1184
漏洞归属组件：kernel
漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0
CVSS V3.0分值：
BaseScore：5.5 Medium
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
漏洞简述：
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
漏洞公开时间：2022-08-29 23:15:00
漏洞创建时间：2022-05-24 09:54:04
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2022-1184

更多参考(点击展开)

参考来源	参考链接	来源链接
nvd	https://bugzilla.redhat.com/show_bug.cgi?id=2070205
nvd	https://access.redhat.com/security/cve/CVE-2022-1184
nvd	https://ubuntu.com/security/CVE-2022-1184
nvd	https://www.debian.org/security/2022/dsa-5257
nvd	https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
redhat	https://access.redhat.com/security/cve/CVE-2022-1184
suse_bugzilla	https://bugzilla.redhat.com/show_bug.cgi?id=2070205	https://bugzilla.suse.com/show_bug.cgi?id=1198577
suse_bugzilla	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1184	https://bugzilla.suse.com/show_bug.cgi?id=1198577
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2022:7444	https://bugzilla.redhat.com/show_bug.cgi?id=2070205
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2022:7683	https://bugzilla.redhat.com/show_bug.cgi?id=2070205
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2022:7933	https://bugzilla.redhat.com/show_bug.cgi?id=2070205
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2022:8267	https://bugzilla.redhat.com/show_bug.cgi?id=2070205
redhat_bugzilla	https://madalinstuntcars.co	https://bugzilla.redhat.com/show_bug.cgi?id=2070205
redhat_bugzilla	https://access.redhat.com/security/cve/cve-2022-1184	https://bugzilla.redhat.com/show_bug.cgi?id=2070205
ubuntu	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1184	https://ubuntu.com/security/CVE-2022-1184
ubuntu	https://lore.kernel.org/linux-ext4/20220518093143.20955-1-jack@suse.cz/T/#u	https://ubuntu.com/security/CVE-2022-1184
ubuntu	https://nvd.nist.gov/vuln/detail/CVE-2022-1184	https://ubuntu.com/security/CVE-2022-1184
ubuntu	https://launchpad.net/bugs/cve/CVE-2022-1184	https://ubuntu.com/security/CVE-2022-1184
ubuntu	https://security-tracker.debian.org/tracker/CVE-2022-1184	https://ubuntu.com/security/CVE-2022-1184
ubuntu	https://bugzilla.redhat.com/show_bug.cgi?id=2070205	https://ubuntu.com/security/CVE-2022-1184
ubuntu	https://bugzilla.suse.com/show_bug.cgi?id=1198577	https://ubuntu.com/security/CVE-2022-1184
debian		https://security-tracker.debian.org/tracker/CVE-2022-1184
oracle		https://www.oracle.com/security-alerts/ovmbulletinoct2022.html
anolis		https://anas.openanolis.cn/cves/detail/CVE-2022-1184
cve_search		https://bugzilla.redhat.com/show_bug.cgi?id=2070205
cve_search		https://access.redhat.com/security/cve/CVE-2022-1184
cve_search		https://ubuntu.com/security/CVE-2022-1184
cve_search		https://www.debian.org/security/2022/dsa-5257
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-0494.html	https://alas.aws.amazon.com/AL2/ALAS-2022-1813.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-0812.html	https://alas.aws.amazon.com/AL2/ALAS-2022-1813.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-1012.html	https://alas.aws.amazon.com/AL2/ALAS-2022-1813.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-1184.html	https://alas.aws.amazon.com/AL2/ALAS-2022-1813.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-1966.html	https://alas.aws.amazon.com/AL2/ALAS-2022-1813.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-21123.html	https://alas.aws.amazon.com/AL2/ALAS-2022-1813.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-21125.html	https://alas.aws.amazon.com/AL2/ALAS-2022-1813.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-21166.html	https://alas.aws.amazon.com/AL2/ALAS-2022-1813.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-32250.html	https://alas.aws.amazon.com/AL2/ALAS-2022-1813.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-32296.html	https://alas.aws.amazon.com/AL2/ALAS-2022-1813.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-32981.html	https://alas.aws.amazon.com/AL2/ALAS-2022-1813.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-2257.html	https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-2264.html	https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-2284.html	https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-2285.html	https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-2286.html	https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-2287.html	https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-2288.html	https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-2289.html	https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-2304.html	https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-2343.html	https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-2344.html	https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-2345.html	https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-2816.html	https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-2817.html	https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-2819.html	https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux	https://alas.aws.amazon.com/cve/html/CVE-2022-3037.html	https://alas.aws.amazon.com/ALAS-2022-1639.html
nvd	https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
nvd	https://www.debian.org/security/2022/dsa-5257
suse_bugzilla	https://bugzilla.redhat.com/show_bug.cgi?id=2070205
suse_bugzilla	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1184
redhat_bugzilla	https://bugzilla.redhat.com/show_bug.cgi?id=2070205
ubuntu	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1184
ubuntu	https://lore.kernel.org/linux-ext4/20220518093143.20955-1-jack@suse.cz/T/#u
ubuntu	https://nvd.nist.gov/vuln/detail/CVE-2022-1184
ubuntu	https://launchpad.net/bugs/cve/CVE-2022-1184
ubuntu	https://security-tracker.debian.org/tracker/CVE-2022-1184
ubuntu	https://bugzilla.redhat.com/show_bug.cgi?id=2070205
ubuntu	https://bugzilla.suse.com/show_bug.cgi?id=1198577
debian	https://security-tracker.debian.org/tracker/CVE-2022-1184
oracle	https://www.oracle.com/security-alerts/ovmbulletinoct2022.html
anolis	https://anas.openanolis.cn/cves/detail/CVE-2022-1184
cve_search	https://bugzilla.redhat.com/show_bug.cgi?id=2070205
cve_search	https://access.redhat.com/security/cve/CVE-2022-1184
cve_search	https://ubuntu.com/security/CVE-2022-1184
cve_search	https://www.debian.org/security/2022/dsa-5257
nvd	https://bugzilla.redhat.com/show_bug.cgi?id=2070205
nvd	https://access.redhat.com/security/cve/CVE-2022-1184
nvd	https://ubuntu.com/security/CVE-2022-1184

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
其它
漏洞补丁信息：

详情(点击展开)

影响的包	修复版本	修复补丁	问题引入补丁	来源
linux_kernel	4.14.283	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=d27d3caddbeff10871982d5e25e6557be0fdc29a	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2	linuxkernelcves
linux_kernel	4.19.247	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=78398c2b2cc14f9a9c8592cf6d334c5a479ed611	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2	linuxkernelcves
linux_kernel	4.9.318	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=93bbf0498ba20eadcd7132bd3cfdaff54eb72751	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2	linuxkernelcves
linux_kernel	5.10.121	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=da2f05919238c7bdc6e28c79539f55c8355408bb	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2	linuxkernelcves
linux_kernel	5.15.46	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ca17db384762be0ec38373a12460081d22a8b42d	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2	linuxkernelcves
linux_kernel	5.17.14	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=4b1cd51256e9267140153f04f4e62148adb2908c	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2	linuxkernelcves
linux_kernel	5.18.3	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=298659c0e7074f774a794fc293df4014617b87be	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2	linuxkernelcves
linux_kernel	5.4.198	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=17034d45ec443fb0e3c0e7297f9cd10f70446064	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2	linuxkernelcves

二、漏洞分析结构反馈
影响性分析说明：
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
openEuler评分：
5.5
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
受影响版本排查(受影响/不受影响)：
1.openEuler-22.03-LTS:受影响
2.openEuler-20.03-LTS-SP1(4.19.90):受影响
3.openEuler-20.03-LTS-SP2(4.19.90):受影响
4.openEuler-20.03-LTS-SP3(4.19.90):受影响

修复是否涉及abi变化(是/否)：
1.openEuler-22.03-LTS:否
2.openEuler-20.03-LTS-SP1(4.19.90):否
3.openEuler-20.03-LTS-SP2(4.19.90):否
4.openEuler-20.03-LTS-SP3(4.19.90):否

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2022-2015

CVE-2022-1184
I58WSQ

影响性分析说明：
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.

openEuler评分:(评分和向量)
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE状态：无补丁(kernel4.19)

受影响版本排查(受影响/不受影响):
1.openEuler-22.03-LTS(5.10.0):受影响
2.openEuler-20.03-LTS-SP1(4.19.90):受影响
3.openEuler-20.03-LTS-SP2(4.19.90):受影响
4.openEuler-20.03-LTS-SP3(4.19.194):受影响

修复是否涉及abi变化(是/否)：
1.openEuler-22.03-LTS(5.10.0):否
2.openEuler-20.03-LTS-SP1(4.19.90):否
3.openEuler-20.03-LTS-SP2(4.19.90):否
4.openEuler-20.03-LTS-SP3(4.19.194):否

影响和风险：
    该漏洞允许具有用户特权的本地攻击者触发UAF甚至panic, 造成拒绝服务

利用条件：
    该漏洞的触发是挂载一个损坏的镜像并在该镜像上执行 rename 操作

技术原因：【背景】或【漏洞描述】
    该问题的场景是在 ext4_rename 中，new_name 对应的文件不存在，然后通过 ext4_add_entry 将 old_inode 设置到 new_dentry 中。
    在 ext4_add_entry 中因为 new_dentry 对应的父目录 dir 开启了 dir_index 所以调用 ext4_dx_add_entry 来添加 new_dentry。
    在 ext4_dx_add_entry 添加 new_dentry 时所需的块数超过当前树最大的块数，所以需要执行 do_split 来 split index。
    在 do_split 中执行 dx_insert_block 移动 dx_entry 时报 UAF。该问题的场景是在 ext4_rename 中，new_name 对应的文件不存在，然后通过 ext4_add_entry 将 old_inode 设置到 new_dentry 中。
    在 ext4_add_entry 中因为 new_dentry 对应的父目录 dir 开启了 dir_index 所以调用 ext4_dx_add_entry 来添加 new_dentry。
    在 ext4_dx_add_entry 添加 new_dentry 时所需的块数超过当前树最大的块数，所以需要执行 do_split 来 split index。
    在 do_split 中执行 dx_insert_block 移动 dx_entry 时报 UAF。

判断方法：
sudo tune2fs -l /dev/sda | grep dir_index
查看对应 ext4 磁盘 dir_index 特性是否开启，开启则涉及
是否有规避/缓解方案：【否】
规避方案：【否】

无补丁，挂起。

https://www.suse.com/security/cve/CVE-2022-1184.html
https://bugzilla.suse.com/show_bug.cgi?id=1198577

https://bugzilla.redhat.com/show_bug.cgi?id=2070205

src-openEuler/kernel

内容风险标识

评论 (12)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2022-1184

评论 (12)

搜索帮助

src-openEuler/kernel