PT-2021-8042 · Linux+4 · Linux Kernel+4

Syzbot

·

Published

2021-12-31

·

Updated

2023-08-14

·

CVE-2022-0382

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17-rc1
Description The issue is related to an information leak flaw in the Linux kernel's TIPC protocol subsystem. This flaw occurs due to uninitialized memory when a user sends a TIPC datagram to one or more destinations, allowing a local user to read some kernel memory. The issue is limited to no more than 7 bytes, and the user cannot control what is read.
Recommendations For Linux kernel versions prior to 5.17-rc1, update to version 5.17-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the TIPC protocol subsystem until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-909

Related Identifiers

ALT-PU-2022-1387
ALT-PU-2022-1456
ALT-PU-2022-1647
ALT-PU-2022-2155
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-8579
BDU:2024-04166
CVE-2022-0382
USN-5278-1
USN-5337-1
USN-5368-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Ubuntu