src-openEuler / kernel

CVE-2022-3202

Completed
CVE and security issue
Created on 2022-09-19 23:23

I. Vulnerability information
Vulnerability ID: CVE-2022-3202
Affected component: kernel
Affected versions: mainline before 5.18, 4.19
CVSS V3.0 score:
BaseScore: 7.1 High
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Vulnerability summary:
A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS) in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.
Vulnerability disclosure time: 2022-09-14 23:15
Vulnerability record creation time: 2023-09-05 02:06:30
Vulnerability detail reference link:
https://nvd.nist.gov/vuln/detail/CVE-2022-3202

More references
(Columns: reference source, reference link, source link)
secalert.redhat.com https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47
secalert.redhat.com https://security.netapp.com/advisory/ntap-20221228-0007/
suse_bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=2126423 https://bugzilla.suse.com/show_bug.cgi?id=1203389
suse_bugzilla http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3202 https://bugzilla.suse.com/show_bug.cgi?id=1203389
redhat_bugzilla https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47 https://bugzilla.redhat.com/show_bug.cgi?id=2126423
redhat_bugzilla https://access.redhat.com/security/cve/cve-2022-3202 https://bugzilla.redhat.com/show_bug.cgi?id=2126423
ubuntu https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3202 https://ubuntu.com/security/CVE-2022-3202
ubuntu https://access.redhat.com/security/cve/CVE-2022-3202 https://ubuntu.com/security/CVE-2022-3202
ubuntu https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47 https://ubuntu.com/security/CVE-2022-3202
ubuntu https://ubuntu.com/security/notices/USN-5650-1 https://ubuntu.com/security/CVE-2022-3202
ubuntu https://nvd.nist.gov/vuln/detail/CVE-2022-3202 https://ubuntu.com/security/CVE-2022-3202
ubuntu https://launchpad.net/bugs/cve/CVE-2022-3202 https://ubuntu.com/security/CVE-2022-3202
ubuntu https://security-tracker.debian.org/tracker/CVE-2022-3202 https://ubuntu.com/security/CVE-2022-3202
debian https://security-tracker.debian.org/tracker/CVE-2022-3202
anolis https://anas.openanolis.cn/cves/detail/CVE-2022-3202
cve_search https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47
cve_search https://security.netapp.com/advisory/ntap-20221228-0007/
nvd https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47
nvd https://security.netapp.com/advisory/ntap-20221228-0007/
redhat https://access.redhat.com/security/cve/CVE-2022-3202
amazon_linux https://alas.aws.amazon.com/cve/html/CVE-2022-2257.html https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux https://alas.aws.amazon.com/cve/html/CVE-2022-2264.html https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux https://alas.aws.amazon.com/cve/html/CVE-2022-2284.html https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux https://alas.aws.amazon.com/cve/html/CVE-2022-2285.html https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux https://alas.aws.amazon.com/cve/html/CVE-2022-2286.html https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux https://alas.aws.amazon.com/cve/html/CVE-2022-2287.html https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux https://alas.aws.amazon.com/cve/html/CVE-2022-2288.html https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux https://alas.aws.amazon.com/cve/html/CVE-2022-2289.html https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux https://alas.aws.amazon.com/cve/html/CVE-2022-2304.html https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux https://alas.aws.amazon.com/cve/html/CVE-2022-2343.html https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux https://alas.aws.amazon.com/cve/html/CVE-2022-2344.html https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux https://alas.aws.amazon.com/cve/html/CVE-2022-2345.html https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux https://alas.aws.amazon.com/cve/html/CVE-2022-2816.html https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux https://alas.aws.amazon.com/cve/html/CVE-2022-2817.html https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux https://alas.aws.amazon.com/cve/html/CVE-2022-2819.html https://alas.aws.amazon.com/ALAS-2022-1639.html
amazon_linux https://alas.aws.amazon.com/cve/html/CVE-2022-3037.html https://alas.aws.amazon.com/ALAS-2022-1639.html
suse_bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=2126423
suse_bugzilla http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3202
redhat_bugzilla https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47
redhat_bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=2126423
ubuntu https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3202
ubuntu https://access.redhat.com/security/cve/CVE-2022-3202
ubuntu https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47
ubuntu https://nvd.nist.gov/vuln/detail/CVE-2022-3202
ubuntu https://launchpad.net/bugs/cve/CVE-2022-3202
ubuntu https://security-tracker.debian.org/tracker/CVE-2022-3202

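Vulnerability analysis guide link:
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
Vulnerability data source:
Other
Vulnerability patch information:

Details
(Columns: affected package, fixed version, fix patch, patch that introduced the issue, source)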
https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47 secalert.redhat.com
https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47 redhat_bugzilla
https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47 ubuntu
linux_kernel 4.14.276 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=33bd243566a9b1ca94261dcc2e16c7b9e3a71c15 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 linuxkernelcves
linux_kernel 4.19.238 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=2ef74e3e0089b6615ee124e1183746974c6bb561 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 linuxkernelcves
linux_kernel 4.9.311 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=d2e45f0bc25da09efcac658d6e405115fcfa83c2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 linuxkernelcves
linux_kernel 5.10.111 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=b9c5ac0a15f24d63b20f899072fa6dd8c93af136 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 linuxkernelcves
linux_kernel 5.15.34 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=d925b7e78b62805fcc5440d1521181c82b6f03cb https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 linuxkernelcves
linux_kernel 5.16.20 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ffe1d40aec3f6f8cc620369ba07eb5e9bd449d85 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 linuxkernelcves
linux_kernel 5.17.3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=2e0e1de4f7a17e0886524c1d6701b8e2bf5a7363 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 linuxkernelcves
linux_kernel 5.4.189 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e19c3149a80e4fc8df298d6546640e01601f3758 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 linuxkernelcves
linux https://git.kernel.org/linus/a53046291020ec41e09181396c1e829287b48d47 https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 ubuntu
https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47 nvd

II. Vulnerability analysis structured feedback
Impact analysis:

A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS) in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.
openEuler score:
7.1
Vector:CVSS:3.0/
Affected version check (affected / not affected):
1.openEuler-20.03-LTS-SP1(4.19.90):
2.openEuler-20.03-LTS-SP3:
3.openEuler-22.03-LTS:
4.openEuler-22.03-LTS-SP1:
5.openEuler-22.03-LTS-SP2:

Does the fix involve ABI changes (yes/no):
1.openEuler-20.03-LTS-SP1(4.19.90):
2.openEuler-20.03-LTS-SP3:
3.openEuler-22.03-LTS:
4.openEuler-22.03-LTS-SP1:
5.openEuler-22.03-LTS-SP2:

III. Vulnerability fix
Security advisory link: https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2022-1941

Comments (2)

WangZhaoLong created the CVE and security issue

Hi wangzhaolong1, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.
If you have any questions, please contact the SIG: Kernel, and any of the maintainers: @Xie XiuQi , @YangYingliang , @成坚 (CHENG Jian) , @jiaoff , @AlexGuo , @hanjun-guo , @woqidaideshi , @zhengzengkai , @Jackie Liu , @Zhang Yi , @colyli , @ThunderTown , @htforge , @Chiqijun , @冷嘲啊 , @zhujianwei001 , @kylin-mayukun , @wangxiongfeng , @Kefeng , @SuperSix173 , @WangShaoBo , @Zheng Zucheng , @lujialin , @陈结松 , @刘恺 , @whoisxxx , @wuxu_buque , @koulihong , @柳歆 , @朱科潜 , @Xu Kuohai , @Lingmingqiang , @juntian , @OSSIM , @岳海兵 , @郑振鹏 , @刘勇强 , @yuzenghui , @Qiuuuuu

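@WangZhaoLong An issue for CVE-2022-3202 has already been created in the current software repository. Please do not create a duplicate. The current issue will be set to Rejected by the tool.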

openeuler-ci-bot added the sig/Kernel label
openeuler-ci-bot changed the task status from To Do to Rejected
Qiuuuuu changed the task status from Rejected to Completed via src-openeuler/kernel Pull Request !745
openeuler-ci-bot modified the description
openeuler-ci-bot added the CVE/FIXED label
openeuler-ci-bot removed the sig/Kernel label
openeuler-ci-bot removed the CVE/FIXED label
openeuler-ci-bot added the CVE/UNAFFECTED label
openeuler-ci-bot added the sig/Kernel label
openeuler-ci-bot set the planned start date to 2022-09-19
openeuler-ci-bot set the planned due date to 2022-10-03
openeuler-ci-bot set the priority to Major
