CHK NVD : CVE-2022-1158 - 58ebbeee

[witchcraze]

[CVE Configuration Update Request] Update Suggestion - CVE-2022-1158 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2022-1158 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2022-1158.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2022-1158.json

- CVE-2022-1158
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.110
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.33
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16.0 up to (excluding) 5.16.19
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.17.0 up to (excluding) 5.17.13
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.17.0 up to (excluding) 5.17.2
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.18.0 up to (excluding) 5.18
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.18.0 up to (excluding) 5.18.2
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.19.0 up to (excluding) 5.19
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.189
- Reference
  - https://github.com/torvalds/linux/commit/cc8c837cf1b2f714dda723541c04acd1b8922d92
  - https://ubuntu.com/security/CVE-2022-1158
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.110
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.33
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.16.19
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.17.13
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.17.2
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.18
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.18.2
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.19
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.189
- Reference (Commit)
  - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
    - Fixed by
      - 5.10.110 (e90518d10c7dd59d5ebbe25b0f0083a7dbffa42f)
      - 5.15.33 (8771d9673e0bdb7148299f3c074667124bde6dff)
      - 5.16.19 (9a611c57530050dc359a83177c2f97678b1f961e)
      - 5.17.2 (5051c04d70c6e035c2c923c04fbe015a4468b08d)
      - 5.18 (2a8859f373b0a86f0ece8ec8312607eacf12485d) (upstream)
      - 5.4.189 (1553126eccf4fad17afaeaed08db9e5944aa2d55)
    - Will be introduced by
      - 5.2 (bd53cb35a3e9)
  - KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
    - Fixed by
      - - (cc8c837cf1b2f714dda723541c04acd1b8922d92)
      - 5.17.13 (38b888911e8dc89b89d8147cfb1d2dbe6373bf78)
      - 5.18.2 (8089e5e1d18402fb8152d6b6815450a36fffa9b0)
      - 5.19 (f122dfe4476890d60b8c679128cd2259ec96a24c) (upstream)
    - Will be introduced by
      - 5.2 (bd53cb35a3e9)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX

https://nvd.nist.gov/vuln/detail/CVE-2022-1158	URI	Start(Ex)	Start(Inc)	End(Ex)	End(Inc)
cpe:/o:redhat:enterprise_linux:9.0
cpe:/o:redhat:enterprise_linux:8.0
cpe:/o:linux:linux_kernel	5.2	5.18
cpe:/o:fedoraproject:fedora:36

[witchcraze]

RedhatとDebianには片方しか記載がない