CVE-2022-48340

Publication date 21 February 2023

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

7.5 · High

Score breakdown

In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.

Status

Package Ubuntu Release Status
glusterfs 24.10 oracular
Not affected
24.04 LTS noble
Vulnerable, work in progress
23.10 mantic
Fixed 10.3-5ubuntu0.1
23.04 lunar
Fixed 10.3-4ubuntu0.2
22.10 kinetic Ignored end of life, was deferred [2023-09-22]
22.04 LTS jammy
Fixed 10.1-1ubuntu0.2
20.04 LTS focal
Vulnerable
18.04 LTS bionic
Vulnerable
16.04 LTS xenial
Not affected
14.04 LTS trusty
Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
glusterfs

Severity score breakdown

Parameter Value
Base score 7.5 · High
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-6507-1
    • GlusterFS vulnerability
    • 22 November 2023

Other references