CVE-2022-0480

A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.

CVSS v3.0 5.5 MEDIUM

5.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2049700	Issue Tracking Third Party Advisory
https://github.com/kata-containers/kata-containers/issues/3373	Issue Tracking Third Party Advisory
https://access.redhat.com/security/cve/CVE-2022-0480	Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042	Patch
https://ubuntu.com/security/CVE-2022-0480	Third Party Advisory
https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Information

Published : 2022-08-29 08:15

Updated : 2023-03-03 10:49

NVD link : CVE-2022-0480

Mitre link : CVE-2022-0480

JSON object : View

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

Advertisement

Products Affected

redhat

enterprise_linux

linux

linux_kernel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049700", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2049700", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/kata-containers/kata-containers/issues/3373", "name": "https://github.com/kata-containers/kata-containers/issues/3373", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://access.redhat.com/security/cve/CVE-2022-0480", "name": "https://access.redhat.com/security/cve/CVE-2022-0480", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042", "tags": ["Patch"], "refsource": "MISC"}, {"url": "https://ubuntu.com/security/CVE-2022-0480", "name": "https://ubuntu.com/security/CVE-2022-0480", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/", "name": "https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-770"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-0480", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}}, "publishedDate": "2022-08-29T15:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.15"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-03-03T18:49Z"}