CVE-2022-48747

Summary

In the Linux kernel, the following vulnerability has been resolved:

block: Fix wrong offset in bio_truncate()

bio_truncate() clears the buffer outside of last block of bdev, however current bio_truncate() is using the wrong offset of page. So it can return the uninitialized data.

This happened when both of truncated/corrupted FS and userspace (via bdev) are trying to read the last of bdev.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux943cd69efac437d82a7aea0659fccbcc071730de < 6cbf4c731d7812518cd857c2cfc3da9fd120f6aeaffected
LinuxLinux85a8ce62c2eabe28b9d76ca4eecf37922402df93 < b63e120189fd92aff00096d11e2fc5253f60248baffected
LinuxLinux85a8ce62c2eabe28b9d76ca4eecf37922402df93 < 4633a79ff8bc82770486a063a08b55e5162521d8affected
LinuxLinux85a8ce62c2eabe28b9d76ca4eecf37922402df93 < 941d5180c430ce5b0f7a3622ef9b76077bfa3d82affected
LinuxLinux85a8ce62c2eabe28b9d76ca4eecf37922402df93 < 3ee859e384d453d6ac68bfd5971f630d9fa46ad3affected
LinuxLinux5.4.9 < 5.4.176affected
LinuxLinux5.5affected
LinuxLinux0 < 5.5unaffected
LinuxLinux5.4.176 <= 5.4.*unaffected
LinuxLinux5.10.96 <= 5.10.*unaffected
LinuxLinux5.15.19 <= 5.15.*unaffected
LinuxLinux5.16.5 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References