CVE-2022-48804
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
vt_ioctl: fix array_index_nospec in vt_setactivate
array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console should be decreased first and then sanitized with array_index_nospec.
Kasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU Amsterdam.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 0ec459ec174031fad02a55e622cf2fc0d2e75a25 < 830c5aa302ec16b4ee641aec769462c37f802c90 | affected |
| Linux | Linux | 4334a6ae867aa12f01c1755368fd0de4c926ac75 < 2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0 | affected |
| Linux | Linux | e97267cb4d1ee01ca0929638ec0fcbb0904f903d < 170325aba4608bde3e7d21c9c19b7bc266ac0885 | affected |
| Linux | Linux | e97267cb4d1ee01ca0929638ec0fcbb0904f903d < ae3d57411562260ee3f4fd5e875f410002341104 | affected |
| Linux | Linux | e97267cb4d1ee01ca0929638ec0fcbb0904f903d < 778302ca09498b448620edd372dc908bebf80bdf | affected |
| Linux | Linux | e97267cb4d1ee01ca0929638ec0fcbb0904f903d < ffe54289b02e9c732d6f04c8ebbe3b2d90d32118 | affected |
| Linux | Linux | e97267cb4d1ee01ca0929638ec0fcbb0904f903d < 6550bdf52846f85a2a3726a5aa0c7c4399f2fc02 | affected |
| Linux | Linux | e97267cb4d1ee01ca0929638ec0fcbb0904f903d < 61cc70d9e8ef5b042d4ed87994d20100ec8896d9 | affected |
| Linux | Linux | 458697ab18b512445ac273ce68a9f8fd623fc0a3 | affected |
| Linux | Linux | 1aa698b65186c13ed775896ed1dfec7c26c73d60 | affected |
| Linux | Linux | 52ef74c21c277e50de771fc722d814a830b3036b | affected |
| Linux | Linux | 4.9.130 < 4.9.302 | affected |
| Linux | Linux | 4.14.73 < 4.14.267 | affected |
| Linux | Linux | 3.16.62 < 3.17 | affected |
| Linux | Linux | 4.4.159 < 4.5 | affected |
| Linux | Linux | 4.18.11 < 4.19 | affected |
| Linux | Linux | 4.19 | affected |
| Linux | Linux | 0 < 4.19 | unaffected |
| Linux | Linux | 4.9.302 <= 4.9.* | unaffected |
| Linux | Linux | 4.14.267 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.230 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.180 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.101 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.24 <= 5.15.* | unaffected |
| Linux | Linux | 5.16.10 <= 5.16.* | unaffected |
| Linux | Linux | 5.17 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90
- https://git.kernel.org/stable/c/2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0
- https://git.kernel.org/stable/c/170325aba4608bde3e7d21c9c19b7bc266ac0885
- https://git.kernel.org/stable/c/ae3d57411562260ee3f4fd5e875f410002341104
- https://git.kernel.org/stable/c/778302ca09498b448620edd372dc908bebf80bdf
- https://git.kernel.org/stable/c/ffe54289b02e9c732d6f04c8ebbe3b2d90d32118
- https://git.kernel.org/stable/c/6550bdf52846f85a2a3726a5aa0c7c4399f2fc02
- https://git.kernel.org/stable/c/61cc70d9e8ef5b042d4ed87994d20100ec8896d9
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90
- https://git.kernel.org/stable/c/2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0
- https://git.kernel.org/stable/c/170325aba4608bde3e7d21c9c19b7bc266ac0885
- https://git.kernel.org/stable/c/ae3d57411562260ee3f4fd5e875f410002341104
- https://git.kernel.org/stable/c/778302ca09498b448620edd372dc908bebf80bdf
- https://git.kernel.org/stable/c/ffe54289b02e9c732d6f04c8ebbe3b2d90d32118
- https://git.kernel.org/stable/c/6550bdf52846f85a2a3726a5aa0c7c4399f2fc02
- https://git.kernel.org/stable/c/61cc70d9e8ef5b042d4ed87994d20100ec8896d9
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.