CVE-2022-48832

Summary

In the Linux kernel, the following vulnerability has been resolved:

audit: don't deref the syscall args when checking the openat2 open_how::flags

As reported by Jeff, dereferencing the openat2 syscall argument in audit_match_perm() to obtain the open_how::flags can result in an oops/page-fault. This patch fixes this by using the open_how struct that we store in the audit_context with audit_openat2_how().

Independent of this patch, Richard Guy Briggs posted a similar patch to the audit mailing list roughly 40 minutes after this patch was posted.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1c30e3af8a79260cdba833a719209b01e6b92300 < 310c9ddfdf1f8d3c9834f02175eae79c8b254b6caffected
LinuxLinux1c30e3af8a79260cdba833a719209b01e6b92300 < 7a82f89de92aac5a244d3735b2bd162c1147620caffected
LinuxLinux5.16affected
LinuxLinux0 < 5.16unaffected
LinuxLinux5.16.10 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References