Vulnerability Details CVE-2022-28796
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.9%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 6.9
References
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1
- https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e
- https://security.netapp.com/advisory/ntap-20220506-0006/
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1
- https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e
- https://security.netapp.com/advisory/ntap-20220506-0006/
Products affected by CVE-2022-28796
-
_enterprise_sds_&_hci_storage_node:-
-
cpe:2.3:a:netapp:active_iq_unified_manager:-
-
cpe:2.3:a:netapp:solidfire
-
cpe:2.3:a:netapp:solidfire_&_hci_management_node:-
-
cpe:2.3:h:netapp:h300e:-
-
cpe:2.3:h:netapp:h300s:-
-
cpe:2.3:h:netapp:h410c:-
-
cpe:2.3:h:netapp:h410s:-
-
cpe:2.3:h:netapp:h500e:-
-
cpe:2.3:h:netapp:h500s:-
-
cpe:2.3:h:netapp:h700e:-
-
cpe:2.3:h:netapp:h700s:-
-
cpe:2.3:h:netapp:hci_compute_node:-
-
cpe:2.3:o:fedoraproject:fedora:35
-
cpe:2.3:o:linux:linux_kernel:5.17
-
cpe:2.3:o:netapp:h300e_firmware:-
-
cpe:2.3:o:netapp:h300s_firmware:-
-
cpe:2.3:o:netapp:h410c_firmware:-
-
cpe:2.3:o:netapp:h410s_firmware:-
-
cpe:2.3:o:netapp:h500e_firmware:-
-
cpe:2.3:o:netapp:h500s_firmware:-
-
cpe:2.3:o:netapp:h700e_firmware:-
-
cpe:2.3:o:netapp:h700s_firmware:-
-
cpe:2.3:o:netapp:hci_compute_node_firmware:-
-
cpe:2.3:o:redhat:enterprise_linux:6.0
-
cpe:2.3:o:redhat:enterprise_linux:7.0