Support Product Security

My Cloud OS 5 Firmware 5.22.113

WDC Tracking Number: WDC-22008
Published: May 18, 2022

Last Updated: May 18, 2022

Description

My Cloud OS 5 Firmware 5.22.113 includes updates to help improve the security of your My Cloud OS 5 devices.

To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.

Product Impact
Minimum Fix Version
Last Updated
My Cloud PR2100
5.22.113
May 18, 2022
My Cloud PR4100
5.22.113
May 18, 2022
My Cloud EX4100
5.22.113
May 18, 2022
My Cloud EX2 Ultra
5.22.113
May 18, 2022
My Cloud Mirror G2
5.22.113
May 18, 2022
My Cloud DL2100
5.22.113
May 18, 2022
My Cloud DL4100
5.22.113
May 18, 2022
My Cloud EX2100
5.22.113
May 18, 2022
My Cloud
5.22.113
May 18, 2022
WD Cloud
5.22.113
May 18, 2022

For more information on the latest security updates, see the release notes: https://os5releasenotes.mycloud.com/#/

Advisory Summary

A vulnerability in the Linux kernel’s cgroup_release_agent_write was addressed that could lead to escalation of privileges and bypass namespace isolation unexpectedly.

CVE Number: CVE-2022-0492

Addressed an integer overflow vulnerability in the GNU Multiple Arithmetic Library that could lead to a buffer overflow via crafted input.

CVE Number: CVE-2021-43618

Addressed an issue in OpenSSL that would make it possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing takes place before the certificate signature verification process, this could lead to a denial-of-service attack.

CVE Number: CVE-2022-0778