PT-2022-2846 · Linux+9 · Linux Kernel+9

Michael Kaplan

Published

2022-01-11

Updated

2023-08-14

CVE-2022-0494

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A kernel information leak flaw was identified in the scsi ioctl function in drivers/scsi/scsi ioctl.c in the Linux kernel. This flaw allows a local attacker with special user privileges (CAP SYS ADMIN or CAP SYS RAWIO) to create issues with confidentiality. The flaw is related to a lack of protection for service data, which can be exploited to disclose protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908CWE-200

Related Identifiers

ALSA-2022:6002

ALSA-2022:6003

ALSA-2022:7110

ALSA-2022:7134

ALT-PU-2022-1647

ALT-PU-2022-1730

ALT-PU-2022-1768

ALT-PU-2022-2155

ALT-PU-2023-1684

ALT-PU-2023-1741

ALT-PU-2023-1814

ALT-PU-2023-4894

AZL-9240

BDU:2022-03400

CESA-2022_7110

CESA-2022_7134

CVE-2022-0494

DLA-3065-1

DSA-5161-1

DSA-5173-1

OESA-2022-1604

OPENSUSE-SU-2022_2520-1

OPENSUSE-SU-2022_2615-1

RHSA-2022:6002

RHSA-2022:6003

RHSA-2022:6243

RHSA-2022:6248

RHSA-2022:7110

RHSA-2022:7134

RHSA-2022_6002

RHSA-2022_6003

RHSA-2022_7110

RHSA-2022_7134

RLSA-2022:7110

RLSA-2022:7134

SUSE-SU-2022:2520-1

SUSE-SU-2022:2615-1

USN-5381-1

USN-5560-1

USN-5560-2

USN-5562-1

USN-5582-1

USN-6001-1

USN-6013-1

USN-6014-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Linux Kernel

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2022-2846 · Linux+9 · Linux Kernel+9

CVE-2022-0494

Weakness Enumeration

Related Identifiers

Affected Products

References · 473