CVE-2022-2938
Last modified
CVE-2022-2938 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.2, < 5.4.177 |
| Linux | Linux Kernel | >= 5.5, < 5.10.97 |
| Linux | Linux Kernel | >= 5.11, < 5.15.19 |
| Linux | Linux Kernel | >= 5.16, < 5.16.5 |
| Fedoraproject | Fedora | 35 |
| Redhat | Enterprise Linux | 8.0 |
| Netapp | H300s Firmware | All versions |
| Netapp | H500s Firmware | All versions |
| Netapp | H700s Firmware | All versions |
| Netapp | H410s Firmware | All versions |
| Netapp | H410c Firmware | All versions |
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848Mailing List, Patch, Vendor Advisory
- https://security.netapp.com/advisory/ntap-20221223-0002/Third Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848Mailing List, Patch, Vendor Advisory
- https://security.netapp.com/advisory/ntap-20221223-0002/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-2938?
How severe is CVE-2022-2938?
How do I fix CVE-2022-2938?
Are you affected by CVE-2022-2938?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST