What is CVE-2022-39189?

CVE-2022-39189 is a high-severity vulnerability in Linux Linux_kernel. CVSS score: 7.8/10. Published 2022-09-02.

How severe is CVE-2022-39189?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2022-39189 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Linux Linux_kernel

CVE-2022-39189

An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.

EPSS: 0.003 (23.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Linux Linux_kernel
Netapp Hci_baseboard_management_controller — versions h300s, h410c, h410s
N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

cve@mitre.org (Patch, Third Party Advisory, Issue Tracking)
cve@mitre.org (Patch, Release Notes, Vendor Advisory)
cve@mitre.org (Patch, Third Party Advisory)
cve@mitre.org (Patch, Vendor Advisory)
cve@mitre.org (Third Party Advisory)
cve@mitre.org (vendor-advisory, VDB Entry, Third Party Advisory)
cve@mitre.org (mailing-list)

Frequently asked questions

What is CVE-2022-39189?: CVE-2022-39189 is a high-severity vulnerability in Linux Linux_kernel. CVSS score: 7.8/10. Published 2022-09-02.
How severe is CVE-2022-39189?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2022-39189 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.