search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2022-48788 - 1411ac98 #5131

Open witchcraze opened 3 weeks ago

witchcraze commented 3 weeks ago

[CVE Configuration Update Request] Update Suggestion - CVE-2022-48788 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2022-48788 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2022-48788.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2022-48788.json

- CVE-2022-48788
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.0 up to (excluding) 4.19.231
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.102
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.25
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16.0 up to (excluding) 5.16.11
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.17.0 up to (excluding) 5.17
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.181
- Reference
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.231
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.102
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.25
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.16.11
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.17
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.181
- Reference (Commit)
  - nvme-rdma: fix possible use-after-free in transport error_recovery work
    - Fixed by
      - 4.19.231 (5593f72d1922403c11749532e3a0aa4cf61414e9)
      - 5.10.102 (324f5bdc52ecb6a6dadb31a62823ef8c709d1439)
      - 5.15.25 (646952b2210f19e584d2bf9eb5d092abdca2fcc1)
      - 5.16.11 (ea86027ac467a055849c4945906f799e7f65ab99)
      - 5.17 (b6bb1722f34bbdbabed27acdceaf585d300c5fd2) (upstream)
      - 5.4.181 (d411b2a5da68b8a130c23097014434ac140a2ace)
    - Will be introduced by
      - 2.6.12 (1da177e4c3f4)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2022-48788 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel 4.19.231
cpe:/o:linux:linux_kernel 4.20 5.4.181
cpe:/o:linux:linux_kernel 5.11 5.16.11
cpe:/o:linux:linux_kernel 5.5 5.10.102
witchcraze commented 2 weeks ago

5.15系追加