CVE-2022-33981 - Vulnerability Details - OpenCVE

drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

No data.

References

Link	Providers
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6
https://exchange.xforce.ibmcloud.com/vulnerabilities/225362
https://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
https://nvd.nist.gov/vuln/detail/CVE-2022-33981
https://seclists.org/oss-sec/2022/q2/66
https://www.cve.org/CVERecord?id=CVE-2022-33981
https://www.debian.org/security/2022/dsa-5173

History

Mon, 05 May 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-06-18T15:27:32.000Z

Updated: 2025-05-05T16:15:03.996Z

Reserved: 2022-06-18T00:00:00.000Z

Link: CVE-2022-33981

Vulnrichment

Updated: 2024-08-03T08:16:16.278Z

NVD

Status : Modified

Published: 2022-06-18T16:15:08.227

Modified: 2025-05-05T17:18:15.897

Link: CVE-2022-33981

Redhat

Severity : Moderate

Publid Date: 2022-06-18T00:00:00Z

Links: CVE-2022-33981 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-04T10:07:13.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf"}, {"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225362"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/oss-sec/2022/q2/66"}, {"tags": ["x_refsource_MISC"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6"}, {"name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"}, {"name": "DSA-5173", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2022/dsa-5173"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2022-33981", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf"}, {"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225362", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225362"}, {"name": "https://seclists.org/oss-sec/2022/q2/66", "refsource": "MISC", "url": "https://seclists.org/oss-sec/2022/q2/66"}, {"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6"}, {"name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"}, {"name": "DSA-5173", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5173"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:16:16.278Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225362"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/oss-sec/2022/q2/66"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6"}, {"name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"}, {"name": "DSA-5173", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5173"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:30:57.267052Z", "id": "CVE-2022-33981", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T16:15:03.996Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-33981", "datePublished": "2022-06-18T15:27:32.000Z", "dateReserved": "2022-06-18T00:00:00.000Z", "dateUpdated": "2025-05-05T16:15:03.996Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225362", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://seclists.org/oss-sec/2022/q2/66", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html", "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://www.debian.org/security/2022/dsa-5173", "name": "DSA-5173", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:16:16.278Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-33981", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T13:30:57.267052Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T13:10:50.427Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf", "tags": ["x_refsource_MISC"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225362", "tags": ["x_refsource_MISC"]}, {"url": "https://seclists.org/oss-sec/2022/q2/66", "tags": ["x_refsource_MISC"]}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6", "tags": ["x_refsource_MISC"]}, {"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html", "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://www.debian.org/security/2022/dsa-5173", "name": "DSA-5173", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}], "descriptions": [{"lang": "en", "value": "drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-07-04T10:07:13.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf", "name": "https://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf", "refsource": "MISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225362", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225362", "refsource": "MISC"}, {"url": "https://seclists.org/oss-sec/2022/q2/66", "name": "https://seclists.org/oss-sec/2022/q2/66", "refsource": "MISC"}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6", "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6", "refsource": "MISC"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html", "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "refsource": "MLIST"}, {"url": "https://www.debian.org/security/2022/dsa-5173", "name": "DSA-5173", "refsource": "DEBIAN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-33981", "STATE": "PUBLIC", "ASSIGNER": "[email protected]"}}}}, "cveMetadata": {"cveId": "CVE-2022-33981", "state": "PUBLISHED", "dateUpdated": "2025-05-05T16:15:03.996Z", "dateReserved": "2022-06-18T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2022-06-18T15:27:32.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5AA6133-D018-4ECD-9533-5505A0E585D7", "versionEndExcluding": "5.17.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function."}, {"lang": "es", "value": "El archivo drivers/block/floppy.c en el kernel de Linux versiones anteriores a 5.17.6, es vulnerable a una denegaci\u00f3n de servicio, debido a un fallo de uso de concurrencia despu\u00e9s de la asignaci\u00f3n de raw_cmd en la funci\u00f3n raw_cmd_ioctl"}], "id": "CVE-2022-33981", "lastModified": "2025-05-05T17:18:15.897", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-06-18T16:15:08.227", "references": [{"source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225362"}, {"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"}, {"source": "[email protected]", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "https://seclists.org/oss-sec/2022/q2/66"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5173"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225362"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "https://seclists.org/oss-sec/2022/q2/66"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5173"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: use-after-free in floppy driver may lead to a DoS", "id": "2099504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099504"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-416", "details": ["drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.", "A use-after-free flaw was found in drivers/block/floppy.c in floppy drive in the Linux Kernel. This issue could allow a local attacker to crash the system due to a race problem between raw_cmd_ioctl and seek_interrupt, which can lead to a kernel information leak."], "name": "CVE-2022-33981", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-06-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-33981\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-33981\nhttps://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6\nhttps://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf"], "statement": "This issue does not affect RHEL 8 and 9 Kernel releases, as the config option CONFIG_BLK_DEV_FD is not enabled, therefore, they are marked as not-affected.", "threat_severity": "Moderate"}