CVE-2022-48671 - Vulnerability Details - OpenCVE

ReportizFlow

In the Linux kernel, the following vulnerability has been resolved: cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() syzbot is hitting percpu_rwsem_assert_held(&cpu_hotplug_lock) warning at cpuset_attach() [1], for commit 4f7e7236435ca0ab ("cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock") missed that cpuset_attach() is also called from cgroup_attach_task_all(). Add cpus_read_lock() like what cgroup_procs_write_start() does.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/07191f984842d50020789ff14c75da436a7f46a9
https://git.kernel.org/stable/c/321488cfac7d0eb6d97de467015ff754f85813ff
https://git.kernel.org/stable/c/43626dade36fa74d3329046f4ae2d7fdefe401c6
https://git.kernel.org/stable/c/5db17805b6ba4c34dab303f49aea3562fc25af75
https://git.kernel.org/stable/c/99bc25748e394d17f9e8b10cc7f273b8e64c1c7e
https://git.kernel.org/stable/c/9f267393b036f1470fb12fb892d59e7ff8aeb58d
https://nvd.nist.gov/vuln/detail/CVE-2022-48671
https://www.cve.org/CVERecord?id=CVE-2022-48671

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-03T14:50:23.558Z

Updated: 2024-12-19T08:05:27.795Z

Reserved: 2024-02-25T13:44:28.321Z

Link: CVE-2022-48671

Vulnrichment

Updated: 2024-08-03T15:17:55.720Z

NVD

Status : Modified

Published: 2024-05-03T15:15:07.433

Modified: 2024-11-21T07:33:44.827

Link: CVE-2022-48671

Redhat

Severity : Moderate

Publid Date: 2024-05-03T00:00:00Z

Links: CVE-2022-48671 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48671", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:44:28.321Z", "datePublished": "2024-05-03T14:50:23.558Z", "dateUpdated": "2024-12-19T08:05:27.795Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:05:27.795Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()\n\nsyzbot is hitting percpu_rwsem_assert_held(&cpu_hotplug_lock) warning at\ncpuset_attach() [1], for commit 4f7e7236435ca0ab (\"cgroup: Fix\nthreadgroup_rwsem <-> cpus_read_lock() deadlock\") missed that\ncpuset_attach() is also called from cgroup_attach_task_all().\nAdd cpus_read_lock() like what cgroup_procs_write_start() does."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/cgroup/cgroup-v1.c"], "versions": [{"version": "e446300968c6bd25d9cd6c33b9600780a39b3975", "lessThan": "321488cfac7d0eb6d97de467015ff754f85813ff", "status": "affected", "versionType": "git"}, {"version": "59c6902a96b4439e07c25ef86a4593bea5481c3b", "lessThan": "07191f984842d50020789ff14c75da436a7f46a9", "status": "affected", "versionType": "git"}, {"version": "dee1e2b18cf5426eed985512ccc6636ec69dbdd6", "lessThan": "9f267393b036f1470fb12fb892d59e7ff8aeb58d", "status": "affected", "versionType": "git"}, {"version": "3bf4bf54069f9b62a54988e5d085023c17a66c90", "lessThan": "5db17805b6ba4c34dab303f49aea3562fc25af75", "status": "affected", "versionType": "git"}, {"version": "c0deb027c99c099aa6b831e326bfba802b25e774", "lessThan": "99bc25748e394d17f9e8b10cc7f273b8e64c1c7e", "status": "affected", "versionType": "git"}, {"version": "4f7e7236435ca0abe005c674ebd6892c6e83aeb3", "lessThan": "43626dade36fa74d3329046f4ae2d7fdefe401c6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/cgroup/cgroup-v1.c"], "versions": [{"version": "5.4.213", "lessThan": "5.4.215", "status": "affected", "versionType": "semver"}, {"version": "5.10.143", "lessThan": "5.10.145", "status": "affected", "versionType": "semver"}, {"version": "5.15.68", "lessThan": "5.15.70", "status": "affected", "versionType": "semver"}, {"version": "5.19.9", "lessThan": "5.19.11", "status": "affected", "versionType": "semver"}]}], "references": [{"url": "https://git.kernel.org/stable/c/321488cfac7d0eb6d97de467015ff754f85813ff"}, {"url": "https://git.kernel.org/stable/c/07191f984842d50020789ff14c75da436a7f46a9"}, {"url": "https://git.kernel.org/stable/c/9f267393b036f1470fb12fb892d59e7ff8aeb58d"}, {"url": "https://git.kernel.org/stable/c/5db17805b6ba4c34dab303f49aea3562fc25af75"}, {"url": "https://git.kernel.org/stable/c/99bc25748e394d17f9e8b10cc7f273b8e64c1c7e"}, {"url": "https://git.kernel.org/stable/c/43626dade36fa74d3329046f4ae2d7fdefe401c6"}], "title": "cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-667", "lang": "en", "description": "CWE-667 Improper Locking"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-06T15:12:14.079254Z", "id": "CVE-2022-48671", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T14:42:25.347Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.720Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/321488cfac7d0eb6d97de467015ff754f85813ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/07191f984842d50020789ff14c75da436a7f46a9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9f267393b036f1470fb12fb892d59e7ff8aeb58d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5db17805b6ba4c34dab303f49aea3562fc25af75", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/99bc25748e394d17f9e8b10cc7f273b8e64c1c7e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/43626dade36fa74d3329046f4ae2d7fdefe401c6", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/321488cfac7d0eb6d97de467015ff754f85813ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/07191f984842d50020789ff14c75da436a7f46a9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9f267393b036f1470fb12fb892d59e7ff8aeb58d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5db17805b6ba4c34dab303f49aea3562fc25af75", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/99bc25748e394d17f9e8b10cc7f273b8e64c1c7e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/43626dade36fa74d3329046f4ae2d7fdefe401c6", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.720Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-48671", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-06T15:12:14.079254Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-667", "description": "CWE-667 Improper Locking"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.089Z"}}], "cna": {"title": "cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "e446300968c6bd25d9cd6c33b9600780a39b3975", "lessThan": "321488cfac7d0eb6d97de467015ff754f85813ff", "versionType": "git"}, {"status": "affected", "version": "59c6902a96b4439e07c25ef86a4593bea5481c3b", "lessThan": "07191f984842d50020789ff14c75da436a7f46a9", "versionType": "git"}, {"status": "affected", "version": "dee1e2b18cf5426eed985512ccc6636ec69dbdd6", "lessThan": "9f267393b036f1470fb12fb892d59e7ff8aeb58d", "versionType": "git"}, {"status": "affected", "version": "3bf4bf54069f9b62a54988e5d085023c17a66c90", "lessThan": "5db17805b6ba4c34dab303f49aea3562fc25af75", "versionType": "git"}, {"status": "affected", "version": "c0deb027c99c099aa6b831e326bfba802b25e774", "lessThan": "99bc25748e394d17f9e8b10cc7f273b8e64c1c7e", "versionType": "git"}, {"status": "affected", "version": "4f7e7236435ca0abe005c674ebd6892c6e83aeb3", "lessThan": "43626dade36fa74d3329046f4ae2d7fdefe401c6", "versionType": "git"}], "programFiles": ["kernel/cgroup/cgroup-v1.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.4.213", "lessThan": "5.4.215", "versionType": "semver"}, {"status": "affected", "version": "5.10.143", "lessThan": "5.10.145", "versionType": "semver"}, {"status": "affected", "version": "5.15.68", "lessThan": "5.15.70", "versionType": "semver"}, {"status": "affected", "version": "5.19.9", "lessThan": "5.19.11", "versionType": "semver"}], "programFiles": ["kernel/cgroup/cgroup-v1.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://git.kernel.org/stable/c/321488cfac7d0eb6d97de467015ff754f85813ff"}, {"url": "https://git.kernel.org/stable/c/07191f984842d50020789ff14c75da436a7f46a9"}, {"url": "https://git.kernel.org/stable/c/9f267393b036f1470fb12fb892d59e7ff8aeb58d"}, {"url": "https://git.kernel.org/stable/c/5db17805b6ba4c34dab303f49aea3562fc25af75"}, {"url": "https://git.kernel.org/stable/c/99bc25748e394d17f9e8b10cc7f273b8e64c1c7e"}, {"url": "https://git.kernel.org/stable/c/43626dade36fa74d3329046f4ae2d7fdefe401c6"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()\n\nsyzbot is hitting percpu_rwsem_assert_held(&cpu_hotplug_lock) warning at\ncpuset_attach() [1], for commit 4f7e7236435ca0ab (\"cgroup: Fix\nthreadgroup_rwsem <-> cpus_read_lock() deadlock\") missed that\ncpuset_attach() is also called from cgroup_attach_task_all().\nAdd cpus_read_lock() like what cgroup_procs_write_start() does."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:05:27.795Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48671", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:05:27.795Z", "dateReserved": "2024-02-25T13:44:28.321Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-03T14:50:23.558Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAF6A51F-91BE-470A-BC94-106FBEBDE4F6", "versionEndExcluding": "5.4.215", "versionStartIncluding": "5.4.213", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A93088C4-AC28-4734-A727-4429288BC061", "versionEndExcluding": "5.10.145", "versionStartIncluding": "5.10.143", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BA07670-1C67-48AF-A2DC-E61C989786BB", "versionEndExcluding": "5.15.70", "versionStartExcluding": "5.15.68", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "326EC0A7-7FF1-4113-B850-72AEF9BCCB37", "versionEndExcluding": "5.19.11", "versionStartIncluding": "5.19.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()\n\nsyzbot is hitting percpu_rwsem_assert_held(&cpu_hotplug_lock) warning at\ncpuset_attach() [1], for commit 4f7e7236435ca0ab (\"cgroup: Fix\nthreadgroup_rwsem <-> cpus_read_lock() deadlock\") missed that\ncpuset_attach() is also called from cgroup_attach_task_all().\nAdd cpus_read_lock() like what cgroup_procs_write_start() does."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: cgroup: agregue cpus_read_lock() faltante a cgroup_attach_task_all() syzbot est\u00e1 presionando la advertencia percpu_rwsem_assert_held(&cpu_hotplug_lock) en cpuset_attach() [1], para el commit 4f7e7236435ca0ab (\"cgroup: Fix threadgroup_rwsem <- > cpus_read_lock() deadlock\") se perdi\u00f3 que cpuset_attach() tambi\u00e9n se llama desde cgroup_attach_task_all(). Agregue cpus_read_lock() como lo hace cgroup_procs_write_start()."}], "id": "CVE-2022-48671", "lastModified": "2024-11-21T07:33:44.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-03T15:15:07.433", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/07191f984842d50020789ff14c75da436a7f46a9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/321488cfac7d0eb6d97de467015ff754f85813ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/43626dade36fa74d3329046f4ae2d7fdefe401c6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5db17805b6ba4c34dab303f49aea3562fc25af75"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/99bc25748e394d17f9e8b10cc7f273b8e64c1c7e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9f267393b036f1470fb12fb892d59e7ff8aeb58d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/07191f984842d50020789ff14c75da436a7f46a9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/321488cfac7d0eb6d97de467015ff754f85813ff"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/43626dade36fa74d3329046f4ae2d7fdefe401c6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5db17805b6ba4c34dab303f49aea3562fc25af75"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/99bc25748e394d17f9e8b10cc7f273b8e64c1c7e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9f267393b036f1470fb12fb892d59e7ff8aeb58d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-667"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()", "id": "2278940", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278940"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()\nsyzbot is hitting percpu_rwsem_assert_held(&cpu_hotplug_lock) warning at\ncpuset_attach() [1], for commit 4f7e7236435ca0ab (\"cgroup: Fix\nthreadgroup_rwsem <-> cpus_read_lock() deadlock\") missed that\ncpuset_attach() is also called from cgroup_attach_task_all().\nAdd cpus_read_lock() like what cgroup_procs_write_start() does.", "A flaw was found in the Linux kernel due to a missing `cpus_read_lock()` in the `cgroup_attach_task_all()` function. This issue led to a warning in the `cpuset_attach()` function, triggered by a deadlock between `threadgroup_rwsem` and `cpus_read_lock().`"], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48671", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48671\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48671"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.4.215, kernel 5.10.145, kernel 5.15.70, kernel 5.19.11"}