Title: May 2023 Linux Kernel Vulnerabilities in StarWind Products

Note: StarWind will continue to update this vulnerability article as new information becomes available.

Vulnerability ID: SW-20230501-0001

Version: 2.0

Date: 2023-05-01

Status: Final

CVEs: CVE-2022-42896, CVE-2022-3643, CVE-2022-43945, CVE-2022-45934, CVE-2023-23559, CVE-2022-4382, CVE-2022-2196, CVE-2021-3669, CVE-2022-41850, CVE-2022-3640, CVE-2023-20928, CVE-2022-41849, CVE-2022-42895, CVE-2022-3628, CVE-2022-3649, CVE-2022-3169, CVE-2022-3424, CVE-2022-3435, CVE-2022-3521, CVE-2022-3545, CVE-2022-3623, CVE-2022-36280, CVE-2022-41218, CVE-2022-4139, CVE-2022-4378, CVE-2022-47520, CVE-2022-47929, CVE-2023-0045, CVE-2023-0266, CVE-2023-1829, CVE-2022-40307, CVE-2022-39842, CVE-2022-3646, CVE-2022-3061, CVE-2022-3303, CVE-2022-20421, CVE-2022-3586, CVE-2022-43750, CVE-2022-39188, CVE-2022-4095, CVE-2022-2663, CVE-2023-1281, CVE-2022-3903, CVE-2022-3108, CVE-2023-26545, CVE-2022-4129, CVE-2023-1074, CVE-2023-1073

Summary

Multiple StarWind products incorporate the Linux kernel.

Impact

Successful exploitation of these vulnerabilities could lead to the disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).

Vulnerability Scoring

CVE | CVSS 2.0 Score | CVSS 3.x Score | Vector
CVE-2022-42896 | N/A | 8.8 (HIGH) | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3643 | N/A | 10 (CRITICAL) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2022-43945 | N/A | 7.5 (HIGH) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-45934 | N/A | 7.8 (HIGH) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-23559 | N/A | 7.8 (HIGH) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-4382 | N/A | 6.4 (MEDIUM) | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2196 | N/A | 8.8 (HIGH) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-3669 | N/A | 5.5 (MEDIUM) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41850 | N/A | 4.7 (MEDIUM) | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3640 | N/A | 8.8 (HIGH) | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-20928 | N/A | 7.8 (HIGH) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41849 | N/A | 6.5 (MEDIUM) | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-42895 | N/A | 6.5 (MEDIUM) | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-3628 | N/A | 6.6 (MEDIUM) | CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3649 | N/A | 7.0 (HIGH) | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3169 | N/A | 5.5 (MEDIUM) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3424 | N/A | 7.8 (HIGH) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3435 | N/A | 4.3 (MEDIUM) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-3521 | N/A | 2.5 (LOW) | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2022-3545 | N/A | 7.8 (HIGH) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3623 | N/A | 7.5 (HIGH) | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36280 | N/A | 5.5 (MEDIUM) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41218 | N/A | 5.5 (MEDIUM) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4139 | N/A | 7.8 (HIGH) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-4378 | N/A | 7.8 (HIGH) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-47520 | N/A | 7.1 (HIGH) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-47929 | N/A | 5.5 (MEDIUM) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2023-0045 | N/A | 4.7 (MEDIUM) | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2023-0266 | N/A | 7.8 (HIGH) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-1829 | N/A | 7.8 (HIGH) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-40307 | N/A | 4.7 (MEDIUM) | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39842 | N/A | 6.1 (MEDIUM) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-3646 | N/A | 4.3 (MEDIUM) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2022-3061 | N/A | 5.5 (MEDIUM) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3303 | N/A | 4.7 (MEDIUM) | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20421 | N/A | 7.8 (HIGH) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3586 | N/A | 5.5 (MEDIUM) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-43750 | N/A | 6.7 (MEDIUM) | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 | N/A | 4.7 (MEDIUM) | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4095 | N/A | 7.8 (MEDIUM) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2663 | N/A | 5.3 (MEDIUM) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2023-1281 | N/A | 7.8 (HIGH) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3903 | N/A | 4.6 (MEDIUM) | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3108 | N/A | 5.5 (MEDIUM) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2023-26545 | N/A | 4.7 (MEDIUM) | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4129 | N/A | 5.5 (MEDIUM) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2023-1074 | N/A | 5.5 (MEDIUM) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2023-1073 | N/A | 6.6 (MEDIUM) | CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Resource Hyperlink
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-42896
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-3643
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-43945
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-45934
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-23559
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-4382
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-2196
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-3669
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-41850
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-3640
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-20928
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-41849
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-42895
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-3628
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-3649
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-3169
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-3424
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-3435
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-3521
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-3545
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-3623
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-36280
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-41218
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-4139
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-4378
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-47520
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-47929
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-0045
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-0266
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-1829
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-40307
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-39842
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-3646
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-3061
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-3303
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-20421
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-3586
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-43750
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-39188
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-4095
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-2663
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-1281
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-3903
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-3108
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-26545
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-4129
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-1074
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-1073

Affected Products: 

StarWind SAN&NAS V8 R14

Not affected products:

StarWind HCA and Command Center (all versions)

StarWind VSAN (all versions)

StarWind VTL component (all versions for Windows Server)

StarWind V2V (all versions)

StarWind Tape Redirector component (all versions)

StarWind Deduplication Analyzer (all versions)

StarWind rPerf (all versions)

StarWind iSCSI Accelerator (all versions)

StarWind NVMe-oF Initiator (all versions)

Software Versions and Fixes

Fixed in StarWind SAN & NAS V8 R15

Workaround

Update to StarWind SAN & NAS V8 R15 or higher

Obtaining Software Fixes 

Software updates will be available in StarWind release notes – https://www.starwindsoftware.com/release-notes-build. To update the software, perform the steps described at the following link – https://knowledgebase.starwindsoftware.com/guidance/upgrading-from-any-starwind-version-to-any-starwind-version/ or contact support to perform an update. You can submit a support request using the following link, https://www.starwindsoftware.com/support-form, or contact Support directly via email at support@starwind.com or via phone at +1 617 829 4499.

Status of Notice

Final

StarWind will continue to update information regarding this vulnerability as new details become available.

This vulnerability article should be considered as the single source of current, up-to-date, authorized and accurate information posted by StarWind Software.

Revision History 

Revision # | Date | Comments
1.0 | 2023-05-01 | Initial Public Release
2.0 | 2023-06-19 | Added remediation versions and final status