CVE-2022-49852
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
riscv: process: fix kernel info leakage
thread_struct's s[12] may contain random kernel memory content, which may be finally leaked to userspace. This is a security hole. Fix it by clearing the s[12] array in thread_struct when fork.
As for kthread case, it's better to clear the s[12] array as well.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 7db91e57a0acde126a162ababfb1e0ab190130cb < c4601d30f7d989b4f354df899ab85b5f7a750d30 | affected |
| Linux | Linux | 7db91e57a0acde126a162ababfb1e0ab190130cb < c5c0b3167537793a7cf936fb240366eefd2fc7fb | affected |
| Linux | Linux | 7db91e57a0acde126a162ababfb1e0ab190130cb < e56d18a976dda653194218df6d40d8122c775712 | affected |
| Linux | Linux | 7db91e57a0acde126a162ababfb1e0ab190130cb < cc36c7fa5d9384602529ba3eea8c5daee7be4dbc | affected |
| Linux | Linux | 7db91e57a0acde126a162ababfb1e0ab190130cb < 358a68f98304b40b201ba5afe94c20355aa3dc68 | affected |
| Linux | Linux | 7db91e57a0acde126a162ababfb1e0ab190130cb < 6510c78490c490a6636e48b61eeaa6fb65981f4b | affected |
| Linux | Linux | 4.15 | affected |
| Linux | Linux | 0 < 4.15 | unaffected |
| Linux | Linux | 4.19.267 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.225 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.155 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.79 <= 5.15.* | unaffected |
| Linux | Linux | 6.0.9 <= 6.0.* | unaffected |
| Linux | Linux | 6.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/c4601d30f7d989b4f354df899ab85b5f7a750d30
- https://git.kernel.org/stable/c/c5c0b3167537793a7cf936fb240366eefd2fc7fb
- https://git.kernel.org/stable/c/e56d18a976dda653194218df6d40d8122c775712
- https://git.kernel.org/stable/c/cc36c7fa5d9384602529ba3eea8c5daee7be4dbc
- https://git.kernel.org/stable/c/358a68f98304b40b201ba5afe94c20355aa3dc68
- https://git.kernel.org/stable/c/6510c78490c490a6636e48b61eeaa6fb65981f4b
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.