search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2022-48425 - 9a365322 #4454

Open witchcraze opened 2 weeks ago

witchcraze commented 2 weeks ago

[CVE Configuration Update Request] Update Suggestion - CVE-2022-48425 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2022-48425 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2022-48425.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2022-48425.json

- CVE-2022-48425
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.113
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.33
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.3.0 up to (excluding) 6.3.4
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.4.0 up to (excluding) 6.4
- Reference
  - https://github.com/torvalds/linux/commit/467333af2f7b95eeaa61a5b5369a80063cd971fd
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.113
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.33
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.3.4
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4
- Reference (Commit)
  - fs/ntfs3: Validate MFT flags before replaying logs
    - Fixed by
      - - (467333af2f7b95eeaa61a5b5369a80063cd971fd)
      - 5.15.113 (2a67f26f70ab344ae6ea78638890eebc1191a501)
      - 6.1.33 (a8eaa9a06addbd9cb0238cb1c729921ecbb6504c)
      - 6.3.4 (e6f4b1c32d6d6047958d7700d12fed6d91f441e7)
      - 6.4 (98bea253aa28ad8be2ce565a9ca21beb4a9419e5) (upstream)
    - Will be introduced by
      - 5.15 (12dad495eaab)
      - 5.15 (a848c4f15ab6)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2022-48425 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel 6.2.7
witchcraze commented 2 weeks ago 
- CVE-2022-48425
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.113
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.33
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.3.4
- Reference
  - https://ubuntu.com/security/CVE-2022-48425
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.113
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.33
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.3.4
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.4
  - Introduce
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15
- Reference (Commit)
  - fs/ntfs3: Validate MFT flags before replaying logs
    - Fixed by
      - 5.15.113 (2a67f26f70ab344ae6ea78638890eebc1191a501)
      - 6.1.33 (a8eaa9a06addbd9cb0238cb1c729921ecbb6504c)
      - 6.3.4 (e6f4b1c32d6d6047958d7700d12fed6d91f441e7)
      - 6.4 (98bea253aa28ad8be2ce565a9ca21beb4a9419e5) (upstream)
    - Will be introduced by
      - 5.15 (12dad495eaab)
- I Checked
  - From ubuntu page
    - Introduced by 12dad495eaab95e0bb784c43869073617c513ea4 Fixed by 98bea253aa28ad8be2ce565a9ca21beb4a9419e5
  - 98bea253aa28ad8be2ce565a9ca21beb4a9419e5 is written as upstream commit in each ChangeLog
  - 12dad495eaab95e0bb784c43869073617c513ea4 is writtein in ChangeLog-5.15