CVE-2022-48804

Summary

In the Linux kernel, the following vulnerability has been resolved:

vt_ioctl: fix array_index_nospec in vt_setactivate

array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console should be decreased first and then sanitized with array_index_nospec.

Kasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU Amsterdam.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0ec459ec174031fad02a55e622cf2fc0d2e75a25 < 830c5aa302ec16b4ee641aec769462c37f802c90affected
LinuxLinux4334a6ae867aa12f01c1755368fd0de4c926ac75 < 2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0affected
LinuxLinuxe97267cb4d1ee01ca0929638ec0fcbb0904f903d < 170325aba4608bde3e7d21c9c19b7bc266ac0885affected
LinuxLinuxe97267cb4d1ee01ca0929638ec0fcbb0904f903d < ae3d57411562260ee3f4fd5e875f410002341104affected
LinuxLinuxe97267cb4d1ee01ca0929638ec0fcbb0904f903d < 778302ca09498b448620edd372dc908bebf80bdfaffected
LinuxLinuxe97267cb4d1ee01ca0929638ec0fcbb0904f903d < ffe54289b02e9c732d6f04c8ebbe3b2d90d32118affected
LinuxLinuxe97267cb4d1ee01ca0929638ec0fcbb0904f903d < 6550bdf52846f85a2a3726a5aa0c7c4399f2fc02affected
LinuxLinuxe97267cb4d1ee01ca0929638ec0fcbb0904f903d < 61cc70d9e8ef5b042d4ed87994d20100ec8896d9affected
LinuxLinux458697ab18b512445ac273ce68a9f8fd623fc0a3affected
LinuxLinux1aa698b65186c13ed775896ed1dfec7c26c73d60affected
LinuxLinux52ef74c21c277e50de771fc722d814a830b3036baffected
LinuxLinux4.9.130 < 4.9.302affected
LinuxLinux4.14.73 < 4.14.267affected
LinuxLinux3.16.62 < 3.17affected
LinuxLinux4.4.159 < 4.5affected
LinuxLinux4.18.11 < 4.19affected
LinuxLinux4.19affected
LinuxLinux0 < 4.19unaffected
LinuxLinux4.9.302 <= 4.9.*unaffected
LinuxLinux4.14.267 <= 4.14.*unaffected
LinuxLinux4.19.230 <= 4.19.*unaffected
LinuxLinux5.4.180 <= 5.4.*unaffected
LinuxLinux5.10.101 <= 5.10.*unaffected
LinuxLinux5.15.24 <= 5.15.*unaffected
LinuxLinux5.16.10 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References