CVE-2022-48832
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
audit: don't deref the syscall args when checking the openat2 open_how::flags
As reported by Jeff, dereferencing the openat2 syscall argument in audit_match_perm() to obtain the open_how::flags can result in an oops/page-fault. This patch fixes this by using the open_how struct that we store in the audit_context with audit_openat2_how().
Independent of this patch, Richard Guy Briggs posted a similar patch to the audit mailing list roughly 40 minutes after this patch was posted.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1c30e3af8a79260cdba833a719209b01e6b92300 < 310c9ddfdf1f8d3c9834f02175eae79c8b254b6c | affected |
| Linux | Linux | 1c30e3af8a79260cdba833a719209b01e6b92300 < 7a82f89de92aac5a244d3735b2bd162c1147620c | affected |
| Linux | Linux | 5.16 | affected |
| Linux | Linux | 0 < 5.16 | unaffected |
| Linux | Linux | 5.16.10 <= 5.16.* | unaffected |
| Linux | Linux | 5.17 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/310c9ddfdf1f8d3c9834f02175eae79c8b254b6c
- https://git.kernel.org/stable/c/7a82f89de92aac5a244d3735b2bd162c1147620c
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/310c9ddfdf1f8d3c9834f02175eae79c8b254b6c
- https://git.kernel.org/stable/c/7a82f89de92aac5a244d3735b2bd162c1147620c
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.