{"id":"CVE-2022-39189","details":"An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.","aliases":["A-245869446","ASB-A-245869446"],"modified":"2026-03-20T12:14:27.830547Z","published":"2022-09-02T05:15:07.693Z","related":["ALSA-2023:2148","ALSA-2023:2458","ALSA-2023:2736","ALSA-2023:2951","SUSE-SU-2022:3585-1","SUSE-SU-2022:3601-1","SUSE-SU-2022:3605-1","SUSE-SU-2022:3606-1","SUSE-SU-2022:3607-1","SUSE-SU-2022:3628-1","SUSE-SU-2022:3648-1","SUSE-SU-2022:3657-1","SUSE-SU-2022:3844-1","SUSE-SU-2022:3897-1","SUSE-SU-2022:3929-1","SUSE-SU-2022:4038-1","SUSE-SU-2022:4053-1","SUSE-SU-2022:4589-1","SUSE-SU-2022:4614-1","SUSE-SU-2022:4617-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5480"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230214-0007/"},{"type":"FIX","url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=2309"},{"type":"FIX","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.17"},{"type":"FIX","url":"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6cd88243c7e03845a450795e134b488fc2afb736"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/6cd88243c7e03845a450795e134b488fc2afb736"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git","events":[{"introduced":"0"},{"fixed":"6cd88243c7e03845a450795e134b488fc2afb736"}]},{"type":"GIT","repo":"https://github.com/torvalds/linux","events":[{"introduced":"0"},{"fixed":"6cd88243c7e03845a450795e134b488fc2afb736"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git","events":[{"introduced":"0"},{"fixed":"6cd88243c7e03845a450795e134b488fc2afb736"}]},{"type":"GIT","repo":"https://github.com/torvalds/linux","events":[{"introduced":"0"},{"fixed":"6cd88243c7e03845a450795e134b488fc2afb736"}]}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"4.16"},{"fixed":"5.4.244"}]},{"events":[{"introduced":"5.5.0"},{"fixed":"5.10.180"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.60"}]},{"events":[{"introduced":"5.16"},{"fixed":"5.18.17"}]},{"events":[{"introduced":"0"},{"last_affected":"h300s"}]},{"events":[{"introduced":"0"},{"last_affected":"h410c"}]},{"events":[{"introduced":"0"},{"last_affected":"h410s"}]},{"events":[{"introduced":"0"},{"last_affected":"h500s"}]},{"events":[{"introduced":"0"},{"last_affected":"h700s"}]},{"events":[{"introduced":"0"},{"fixed":"5.18.17"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39189.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}