PT-2022-4893 · Linux+6 · Linux Kernel+6
Chengjia4574
+3
·
Published
2022-09-08
·
Updated
2024-03-25
·
CVE-2022-40768
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions through 5.19.9
Description
The issue is related to the
stex queuecommand lck() function in the Linux kernel, which is associated with the disclosure of information in an error data area. This can allow an attacker to gain unauthorized access to protected information. The problem arises because stex queuecommand lck lacks a memset for the PASSTHRU CMD case, enabling local users to obtain sensitive information from kernel memory.Recommendations
For Linux kernel versions through 5.19.9, consider updating to a version that includes a fix for this issue, as the current version allows local users to obtain sensitive information due to a missing
memset in the stex queuecommand lck function for the PASSTHRU CMD case.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Use of Uninitialized Resource
Information Disclosure
Exposure of Resource to Wrong Sphere
Improper Initialization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu