PT-2021-1526 · Linux+6 · Linux Kernel+6

Syzbot

·

Published

2021-05-06

·

Updated

2023-10-05

·

CVE-2022-0850

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions linux kernel (affected versions not specified)
Description A vulnerability in the linux kernel allows for an information leak. This issue is related to the ext4 extent header and can lead to the disclosure of protected information to userspace. Additionally, the copy page to iter() function is affected, which may also result in information disclosure or denial of service. The vulnerability can be exploited to reveal sensitive information or cause a service disruption. In the extents.c file, multiple functions contain a possible out of bounds read due to uninitialized data, potentially leading to local information disclosure without requiring additional execution privileges or user interaction.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2021-2824
ALT-PU-2021-2926
ALT-PU-2021-3041
ALT-PU-2021-3563
ALT-PU-2021-3573
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
ALT-PU-2023-4894
ASB-A-245406696
AZL-28062
BDU:2022-02696
CESA-2022_1975
CESA-2022_1988
CVE-2022-0850
OESA-2021-1310
OPENSUSE-SU-2022_1163-1
OPENSUSE-SU-2022_1183-1
OPENSUSE-SU-2022_1256-1
RHSA-2022:1975
RHSA-2022:1988
RHSA-2022_1975
RHSA-2022_1988
SUSE-SU-2022:1163-1
SUSE-SU-2022:1183-1
SUSE-SU-2022:1196-1
SUSE-SU-2022:1197-1
SUSE-SU-2022:1255-1
SUSE-SU-2022:1256-1
SUSE-SU-2022:1257-1
SUSE-SU-2022:1266-1
SUSE-SU-2022:1267-1
SUSE-SU-2022:1270-1
SUSE-SU-2022:1283-1
SUSE-SU-2022:1402-1
SUSE-SU-2022:1407-1
USN-5650-1

Affected Products

Alt Linux
Astra Linux
Centos
Red Hat
Suse
Ubuntu
Linux Kernel