CVE-2022-1678
moderate-risk
Published 2022-05-25
An issue was discovered in the Linux kernel from 4.18 to 4.19. An improper update of the sock reference in TCP pacing can lead to a memory/netns leak, which can be used by remote clients.
Do I need to act?
1.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.9/10
Medium
NETWORK / HIGH complexity
Affected Products (17)
References (14)
Third Party Advisory
https://anas.openanolis.cn/cves/detail/CVE-2022-1678
Third Party Advisory
https://anas.openanolis.cn/errata/detail/ANSA-2022:0143
Issue Tracking
https://bugzilla.openanolis.cn/show_bug.cgi?id=61
Permissions Required
https://gitee.com/anolis/cloud-kernel/commit/bed537da691b
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220715-0001/
41 / 100
moderate-risk
Severity
18/34 · Moderate
Exploitability
4/34 · Minimal
Exposure
19/34 · Moderate