CHK NVD : CVE-2022-48626 - a1c327f3

[CVE Configuration Update Request] Update Suggestion - CVE-2022-48626 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2022-48626 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2022-48626.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2022-48626.json

- CVE-2022-48626
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14.0 up to (excluding) 4.14.266
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.0 up to (excluding) 4.19.229
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.9.0 up to (excluding) 4.9.301
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.100
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.23
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16.0 up to (excluding) 5.16.9
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.17.0 up to (excluding) 5.17
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.179
- Reference
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.266
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.229
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.9.301
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.100
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.23
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.16.9
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.17
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.179
- Reference (Commit)
  - moxart: fix potential use-after-free on remove path
    - Fixed by
      - 4.14.266 (e6f580d0b3349646d4ee1ce0057eb273e8fb7e2e)
      - 4.19.229 (9c25d5ff1856b91bd4365e813f566cb59aaa9552)
      - 4.9.301 (f5dc193167591e88797262ec78515a0cbe79ff5f)
      - 5.10.100 (be93028d306dac9f5b59ebebd9ec7abcfc69c156)
      - 5.15.23 (af0e6c49438b1596e4be8a267d218a0c88a42323)
      - 5.16.9 (7f901d53f120d1921f84f7b9b118e87e94b403c5)
      - 5.17 (bd2db32e7c3e35bd4d9b8bbff689434a50893546) (upstream)
      - 5.4.179 (3a0a7ec5574b510b067cfc734b8bdb6564b31d4e)
    - Will be introduced by
      - https://github.com/torvalds/linux/commit/1b66e94e6b99
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX

https://nvd.nist.gov/vuln/detail/CVE-2022-48626	URI	Start(Ex)
cpe:/o:linux:linux_kernel	4.9.301
cpe:/o:linux:linux_kernel	4.10.0	4.14.266
cpe:/o:linux:linux_kernel	4.15.0	4.19.229
cpe:/o:linux:linux_kernel	4.20.0	5.4.179
cpe:/o:linux:linux_kernel	5.11.0	5.15.23
cpe:/o:linux:linux_kernel	5.16.0	5.16.9
cpe:/o:linux:linux_kernel	5.5.0	5.10.100

- CVE-2022-48626
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.16 up to (excluding) 4.9.301
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.10 up to (excluding) 4.14.266
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.229
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.179
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.100
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.23
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 5.16.9
- Reference
  - https://ubuntu.com/security/CVE-2022-48626
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.9.301
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.266
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.229
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.179
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.100
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.23
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.16.9
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.17
- Reference (Commit)
  - moxart: fix potential use-after-free on remove path
    - Fixed by
      - 4.9.301 (f5dc193167591e88797262ec78515a0cbe79ff5f)
      - 4.14.266 (e6f580d0b3349646d4ee1ce0057eb273e8fb7e2e)
      - 4.19.229 (9c25d5ff1856b91bd4365e813f566cb59aaa9552)
      - 5.4.179 (3a0a7ec5574b510b067cfc734b8bdb6564b31d4e)
      - 5.10.100 (be93028d306dac9f5b59ebebd9ec7abcfc69c156)
      - 5.15.23 (af0e6c49438b1596e4be8a267d218a0c88a42323)
      - 5.16.9 (7f901d53f120d1921f84f7b9b118e87e94b403c5)
      - 5.17 (bd2db32e7c3e35bd4d9b8bbff689434a50893546) (upstream)
    - Will be introduced by
      - https://github.com/torvalds/linux/commit/1b66e94e6b99 (v3.16-rc1)
- I Checked
  - From ubuntu page
    - Introduced by 1b66e94e6b9995323190f31c51d8e1a6f516627e Fixed by bd2db32e7c3e35bd4d9b8bbff689434a50893546
  - bd2db32e7c3e35bd4d9b8bbff689434a50893546 is written as upstream commit in each ChangeLog
  - From 1b66e94e6b99 commit page, v3.16-rc1 is the most oldest in commit-branches area

witchcraze / NVD_CHECK

CHK NVD : CVE-2022-48626 - a1c327f3 #4550