PT-2022-1572 · Linux+9 · Linux Kernel+9
Lyu Tao · Published 2022-01-06 · Updated 2024-12-10 · CVE-2022-24448
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.16.5
Description
An issue was discovered in the Linux kernel where the nfs_atomic_open() function performs a regular lookup when an application sets the O_DIRECTORY flag and tries to open a regular file. Instead of returning an ENOTDIR error, the server returns uninitialized data in the file descriptor. This issue is related to the lack of resource initialization in the nfs_atomic_open() function implementation, which could allow an attacker to impact data confidentiality.
Recommendations
For Linux kernel versions prior to 5.16.5, update to version 5.16.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the nfs_atomic_open() function to minimize the risk of exploitation. Avoid using the O_DIRECTORY flag when trying to open regular files until the issue is resolved.
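A check that can be run against a regular file on an NFS mount after updating, to confirm that open() with O_DIRECTORY fails with ENOTDIR as the description says it should. This is an added example, not code from the advisory or the kernel project; the function name check_o_directory and the result codes are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>

/* Result names are chosen for this example, not taken from the advisory. */
enum odir_result {
    ODIR_OK,          /* open() failed with ENOTDIR, the required behaviour */
    ODIR_UNEXPECTED,  /* open() did not fail on a regular file: investigate */
    ODIR_OTHER_ERROR, /* open() failed, but not with ENOTDIR */
    ODIR_NOT_REGULAR, /* path is not a regular file, check does not apply */
    ODIR_STAT_FAILED  /* path could not be examined */
};

/* Open a regular file with O_DIRECTORY and classify what open() reports. */
enum odir_result check_o_directory(const char *path)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return ODIR_STAT_FAILED;
    if (!S_ISREG(st.st_mode))
        return ODIR_NOT_REGULAR;

    int fd = open(path, O_RDONLY | O_DIRECTORY);
    if (fd == -1)
        return errno == ENOTDIR ? ODIR_OK : ODIR_OTHER_ERROR;

    /* A non-error return is wrong for a regular file. The value is neither
     * used nor closed here, because it cannot be trusted to be a descriptor
     * that this process owns. */
    return ODIR_UNEXPECTED;
}

int main(int argc, char **argv)
{
    static const char *const msg[] = {
        "ENOTDIR returned (expected)", "open() did not fail: investigate",
        "open() failed with another error", "not a regular file", "stat failed"
    };
    if (argc != 2) {
        fprintf(stderr, "usage: %s <regular-file-on-nfs-mount>\n", argv[0]);
        return 2;
    }
    enum odir_result r = check_o_directory(argv[1]);
    printf("%s: %s\n", argv[1], msg[r]);
    return r == ODIR_OK ? 0 : 1;
}
```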
Fix
Use of Uninitialized Resource
Buffer Overflow
Improper Handling of Exceptional Conditions
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu