一、漏洞信息
漏洞编号:[CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929)
漏洞归属组件:[kernel](https://gitee.com/src-openeuler/kernel)
漏洞归属的版本:4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.5
CVSS V2.0分值:
BaseScore:0.0 Low
Vector:CVSS:2.0/
漏洞简述:
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in net/sched/sch_api.c.
漏洞公开时间:2023-01-18 05:15:00
漏洞创建时间:2023-01-18 15:42:19
漏洞详情参考链接:
https://nvd.nist.gov/vuln/detail/CVE-2022-47929
<details>
<summary>更多参考(点击展开)</summary>
| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| nvd | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96398560f26aa07e8f2969d73c8197e6a6d10407 | |
| nvd | https://tldp.org/HOWTO/Traffic-Control-HOWTO/components.html | |
| nvd | https://www.spinics.net/lists/netdev/msg555705.html | |
| nvd | https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.6 | |
| redhat | https://access.redhat.com/security/cve/CVE-2022-47929 | |
| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47929 | https://bugzilla.suse.com/show_bug.cgi?id=1207237 |
| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2022-47929 | https://bugzilla.suse.com/show_bug.cgi?id=1207237 |
| suse_bugzilla | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96398560f26aa07e8f2969d73c8197e6a6d10407 | https://bugzilla.suse.com/show_bug.cgi?id=1207237 |
| suse_bugzilla | https://tldp.org/HOWTO/Traffic-Control-HOWTO/components.html | https://bugzilla.suse.com/show_bug.cgi?id=1207237 |
| suse_bugzilla | https://www.spinics.net/lists/netdev/msg555705.html | https://bugzilla.suse.com/show_bug.cgi?id=1207237 |
| suse_bugzilla | https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.6 | https://bugzilla.suse.com/show_bug.cgi?id=1207237 |
| debian | | https://security-tracker.debian.org/tracker/CVE-2022-47929 |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2257.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2264.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2284.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2285.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2286.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2287.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2288.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2289.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2304.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2343.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2344.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2345.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2816.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2817.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2819.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-3037.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
</details>
漏洞分析指导链接:
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息:
<details>
<summary>详情(点击展开)</summary>
| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |
| ------- | -------- | ------- | -------- | --------- |
| | | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96398560f26aa07e8f2969d73c8197e6a6d10407 | | suse_bugzilla |
</details>
二、漏洞分析结构反馈
影响性分析说明:
openEuler评分:
受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP1(4.19.90):
2.openEuler-20.03-LTS-SP3(4.19.90):
3.openEuler-22.03-LTS:
4.openEuler-22.03-LTS-SP1:
修复是否涉及abi变化(是/否):
1.openEuler-20.03-LTS-SP1(4.19.90):
2.openEuler-20.03-LTS-SP3(4.19.90):
3.openEuler-22.03-LTS:
4.openEuler-22.03-LTS-SP1:
openeuler-ci-bot
拥有者