Headline
CVE-2022-0646: CVE-2022-0646 Linux Kernel Vulnerability in NetApp Products
A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5.
- Home
- Advisory
- CVE-2022-0646 Linux Kernel Vulnerability in NetApp Products
circle-info NetApp will continue to update this advisory as additional information becomes available.
This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp regarding Full Support products and versions.
Subscribe to NTAP-20220318-0006 updates
Unsubscribe from NTAP-20220318-0006 advisory updates
Advisory ID: NTAP-20220318-0006 Version: 2.0 Last updated: 04/18/2022 Status: Interim. CVEs: CVE-2022-0646
This document is provided solely for informational purposes. All information is based upon NetApp’s current knowledge and understanding of the hardware and software products tested by NetApp, and the methodology and assumptions used by NetApp. NetApp is not responsible for any errors or omissions that may be contained herein, and no warranty, representation, or other legal commitment or obligation is being provided by NetApp. © 2022 NetApp, Inc. All rights reserved. No portions of this document may be reproduced without prior written consent of NetApp, Inc.