NVD Vulnerability Detail

CVE-2022-0171

Summary	A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).
Publication Date	Aug. 27, 2022, 3:15 a.m.
Registration Date	Aug. 27, 2022, 10 a.m.
Last Update	Nov. 21, 2024, 3:38 p.m.

Affected software configurations

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Related information, measures and tools

No	URL	タグ
1	https://access.redhat.com/security/cve/CVE-2022-0171	Third Party Advisory
2	https://access.redhat.com/security/cve/CVE-2022-0171	Third Party Advisory
3	https://bugzilla.redhat.com/show_bug.cgi?id=2038940	Issue Tracking Patch Third Party Advisory
4	https://bugzilla.redhat.com/show_bug.cgi?id=2038940	Issue Tracking Patch Third Party Advisory
5	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b	Mailing List Patch Vendor Advisory
6	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b	Mailing List Patch Vendor Advisory
7	https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html	Mailing List Third Party Advisory
8	https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html	Mailing List Third Party Advisory
9	https://www.debian.org/security/2022/dsa-5257	Third Party Advisory
10	https://www.debian.org/security/2022/dsa-5257	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-212	保存または転送前の重要な情報の不適切な削除	https://cwe.mitre.org/data/definitions/212.html

JVN Vulnerability Information

Linux の Linux Kernel 他複数ベンダの製品における保存または転送前の重要な情報の削除に関する脆弱性

Title	Linux の Linux Kernel 他複数ベンダの製品における保存または転送前の重要な情報の削除に関する脆弱性
Summary	Linux の Linux Kernel 他複数ベンダの製品には、保存または転送前の重要な情報の削除に関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 21, 2022, midnight
Registration Date	Oct. 16, 2023, 1:47 p.m.
Last Update	Oct. 16, 2023, 1:47 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux 8.0

Red Hat Enterprise Linux 9.0

Debian

Debian GNU/Linux 10.0

Debian GNU/Linux 11.0

Linux

Linux Kernel 5.18

Linux Kernel 5.18 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2022-0171	https://www.cve.org/CVERecord?id=CVE-2022-0171
National Vulnerability Database (NVD)
2	CVE-2022-0171	https://nvd.nist.gov/vuln/detail/CVE-2022-0171
Red Hat Customer Portal
3	CVE-2022-0171	https://access.redhat.com/security/cve/CVE-2022-0171

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-212	https://cwe.mitre.org/data/definitions/212.html

ベンダー情報

No	Name	URL
Debian
1	[SECURITY] [DLA 3173-1] linux-5.10 security update	https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
Debian Security Advisory
2	DSA-5257-1	https://www.debian.org/security/2022/dsa-5257
Linux Kernel
3	Linux Kernel Archives	https://www.kernel.org
Linux kernel source tree
4	KVM: SEV: add cache flush to solve SEV cache incoherency issues	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b
Red Hat Bugzilla
5	Bug 2038940	https://bugzilla.redhat.com/show_bug.cgi?id=2038940

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-23-166-11	https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-11
JVN
2	JVNVU#99464755	https://jvn.jp/vu/JVNVU99464755/

Change Log

No	Changed Details	Date of change
1	[2023年10月16日] 掲載	Oct. 16, 2023, 1:47 p.m.